01-23-2025 06:58 AM
Hello, thank you for reading.
I want to have my users log into WiFi using AD credentials, WITHOUT having to download or accept a certificate manually.
-Cisco WLC 5520
Details:
1. Radius PEAP-EAP-MSCHAP V2 Setup
2. When connecting to WLAN it prompts users to trust a GoDaddy cert manually.
(I don't want users to have to do this; it's more complicated on Android because they have to enter the domain)
3. If I try to set the WLAN up for authentication through webauth, I have no option to use radius.
Extra details:
1. I have set up a GoDaddy cert on my Radius server with a trusted chain.
2. I have uploaded this cert to my WLC under webauth.
Did I mess up the cert installation somehow or is there a way to do this without making them accept the cert??
Thank you for taking the time to read this and to anyone who replies.
01-23-2025 07:30 AM
You need to read this
"The wireless client associates with the AP. An IEEE 802.11-based association provides an open system or shared key authentication before a secure association is created between the client and the access point. After the IEEE 802.11-based association is successfully established between the client and the access point, the TLS session is negotiated with the AP. After authentication is successfully completed between the wireless client and NPS, the TLS session is negotiated between the client and NPS. The key that is derived within this negotiation is used to encrypt all subsequent communication."
You need to provision the client with the certificate in order for phase 1 to be completed.
Webauth is totally different from PEAP.
01-23-2025 02:44 PM
The users need a root certificate that has signed the certificate being used for the auth on the Radius server, even though it's EAP-PEAP.
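The client-side trust settings the replies describe, written as a wpa_supplicant network block. This is an added example, not part of the thread; it assumes a Linux client, and the SSID, identity, CA file path and server name are placeholders.

```conf
# /etc/wpa_supplicant/wpa_supplicant.conf (constructed example)

# Weak profile: no ca_cert, so the RADIUS server certificate is not
# verified at all. The client will run PEAP phase 1 with whichever
# server answers and then send MSCHAPv2 material derived from the
# AD password inside that tunnel.
#
# network={
#     ssid="EXAMPLE-CORP"
#     key_mgmt=WPA-EAP
#     eap=PEAP
#     phase2="auth=MSCHAPV2"
#     identity="user@example.com"
#     password="PLACEHOLDER"
# }

# Corrected profile: the client is provisioned in advance with the root
# that signed the RADIUS server certificate and with the server name it
# must present, so phase 1 completes without a trust prompt.
network={
    ssid="EXAMPLE-CORP"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@example.com"
    password="PLACEHOLDER"

    # Root CA that issued the RADIUS server's chain (placeholder path;
    # export the root of your own chain to this file).
    ca_cert="/etc/ssl/certs/radius-root-ca.pem"

    # With a public CA the root alone is not enough: anyone can obtain a
    # certificate from the same CA for a different name. Require the
    # server certificate's DNS name to match yours (placeholder name).
    domain_suffix_match="radius.example.com"
}
```

Windows, Android and iOS expose the same two values (trusted root and expected server name) in their Wi-Fi profiles; pushing the profile through GPO or an MDM is what removes the manual prompt.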