Windows XP WPA2 PEAP authentication prompt
We are using Windows XP clients with WPA2 enterprise PEAP machine and user authentication (using windows supplicant, with the PEAP patch installed). We are using ACS 4.0.1 servers for authentication in a WDS environment.
The issue is sometimes we will see the laptop request authentication to the network once the user logs in. A yellow dialog box will appear in the lower right hand corner of the screen and request they reenter the username, password and domain. It does not happen often and most of the time this happens if for some reason the WLAN goes away, like a power outage, etc. But it does drive the users crazy and they drive me crazy about it.
Has anyone experianced this issue and know of why it is doing it and how to make it go away?
Thanks
yes, authentication is succesful after that.
I forgot to mention that the prompt says: "Click here to select a certificate or other credentials for conection to the network (SSID)"
This may just be a normal function of the Windows XP supplicant I have just been wondering.
Thanks for the responses.
Similar Messages
-
I have setup a 1231 AP with Windows 2003 IAS and Verisign WLAN certificate. Should I be prompted after a reboot to authenticate again? I currently am not forced to authenticate after a reboot but would like to force everyone to authenticate every time they boot or reboot.
Delete from registry the binary value in:
HKEY_CURRENT_USER\Software\Microsoft\EAPOL\USerEapInfo\
Then it will ask for credintialas again -
EAP-TLS or PEAP authentication failed during SSL handshake error
I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
Thanks for the helpMy experience suggests that the problem is the certificate.
I'm running ACS 3.3.
I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
Correctly following the instructions led to a successful connection and no more error message. -
An user as part of the domain users tries to open an office file from a document library but he got an authentication prompt asking him to authenticate. Domain users has only access to this library and not to the whole site. This uses to work in SharePoint
2007 without any problem but not in SharePoint 2013, we didn't have a workflow on SP2007.
Domain users has read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document, he can open the document but gets two prompts, he can't
also see the list using explorer view since nothings appears using the explorer view.
Now, when opening the file, we can see..Updating Workflow Status, but we don't have any workflow working on this site or library, event any feature related to workflow.
If we go to the event viewer in the server, we find this information,
I also checked this thread but I couldn't find this scenario.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
I also created another list with the same permissions and using other office files but got the same behavior.
Now, we have migrated this site from SP2007 to SP2013.
Any ideas?OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
things that go through this evolution. -
Unable to connect to Wi-Fi connection using WPA2 PSK authentication and encryption type TKIP
I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
My issue is copy/pasted below:
Original Title: TKIP selection in WiFi network settings
I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
My issue is copy/pasted below:
Original Title: TKIP selection in WiFi network settings
I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again. -
Outlook Authentication Prompts
Having a lot of problems with Outlook 2010/2013 authentication prompts. Client is migrating from EX 2010 and going to onsite EX 2013. Both Outlook 2010 & 2013 get the prompts. At this point in the migration, all internal DNS records point to the load
balancer which goes to the 2013 DAG environment. I have verified the Outlook Anywhere settings on 2013 about 100 times.
External Host Name and Internal Host Name are identical: mail.company.com
External/Internal ClientAuthenticationMethods NTLM
IISAuthenticationMethods {Basic, NTLM, Negotiate}
Require SSL is true for both External/Internal
I have tried many things already, but I am still getting prompted. However, when I modify the local Hosts file to point to Exchange 2010 directly (for those users who are still on 2010), I get no prompts at all.
I have also tried pointing the hosts file to the 2013 servers directly, bypassing the load balancer and the prompts still happen. So, it is not the load balancer.
Thoughts?
MCITP Exchange 2010 | MCITP Lync Server 2010 | MCTS Windows 2008Hello,
What’s the server name on the credential window? Is it the CAS server or MBX server?
How about manually canceled credential windows, can you still use Outlook to send/receive emails properly?
If the authentication failed when connecting to the CAS server, please check the authentication settings on each VDirs.
If the authentication failed when connecting to the MBX server, please check if the public folder migrated properly.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Hi,
I configured a Cisco AP 1200 IOS with PEAP.
Hereby the AP Config:
aaa new-model
aaa group server radius rad_eap
server 192.168.4.58 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 arp-cache optional
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 184 key 1 size 128bit 7 xxxx transmit-key
encryption vlan 184 mode wep mandatory mic key-hash
encryption key 1 size 128bit 7 xxxxx transmit-key
encryption mode wep mandatory
broadcast-key vlan 184 change 3600
ssid test
vlan 184
authentication open eap eap_methods
authentication network-eap eap_methods
world-mode
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
dot1x reauth-period 1800
dot1x client-timeout 1800
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.184
encapsulation dot1Q 184
no ip route-cache
bridge-group 184
bridge-group 184 subscriber-loop-control
bridge-group 184 block-unknown-source
no bridge-group 184 source-learning
no bridge-group 184 unicast-flooding
bridge-group 184 spanning-disabled
interface FastEthernet0
no ip address
ip accounting output-packets
no ip route-cache
speed 100
full-duplex
interface FastEthernet0.3
encapsulation dot1Q 3 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.184
encapsulation dot1Q 184
no ip route-cache
bridge-group 184
no bridge-group 184 source-learning
bridge-group 184 spanning-disabled
interface BVI1
ip address 192.168.4.98 255.255.254.0
ip accounting output-packets
no ip route-cache
ip default-gateway 192.168.4.3
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
radius-server local
radius-server host 192.168.4.58 auth-port 1645 acct-port xxxx key xxx
radius-server timeout 120
radius-server deadtime 1200
radius-server domain-stripping
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 protocol ieee
bridge 1 route ip
bridge 184 protocol ieee
W're using a Cisco Wireless client adaptor with the latest ACU version fully installed and configured my client for PEAP. I also configured the Windows XP network settings appropriately.
The RADIUS we are using is a Cisco ACS 3.2.1. We used a Microsoft certificate for the server that we issued ourselves.
Without configuring security, the client can associate with the AP, but when we enable PEAP and I open the ACU status screan, the client associates with the AP, but canot authenticate successfully. Status hangs on 'autenticating'. I don't see any traffic to the RADIUS server.
Who can help us?
Thanks in advance!I just opened a TAC case on this one whereby I have already installed the latest client, made sure PEAP is installed, had the latest WAP image, network security setup on the ACU as per the documentation to select the "host base EAP(802.1x) and select dynamic wep, then turned on debug options on the WAP to see the communication between the client and the WAP:
debug radius authentication
debug dot11 aaa dot1x process
debug dot11 aaa dot1x state-machine
Guess what... there is no communication between the client and the wap for authentication. You can see association and even get an ip address from dhcp but...
The advise as per the TAC engineer is to put in a Static WEP key for now and you should get the communication going. They have already noticed this on some calls and have not seen a bug case # assigned to it. They will be working a fix on the next release. Once you do that you should see the Raduis and 802.1x communication going on.
After doing this I can then concentrate on why I am not getting PEAP authenticated on our Funk Radius EE Server v4.7.
The other thing...remove the "authentication network-eap eap_methods" when you are doing PEAP. You enable that for LEAP so you have to create a different vlan for that.
I use 1812/1813 for the radius server.
:-) Ed -
Ipad 2 802.1X PEAP Authentication problem (With profile from IPCU)
Hi!
I'm in the processes of setting up a new wireless network for a costumer.
A little info about the hardware:
Cisco WLC 5508
Cisco AP 2602i
Cisco ISE - radius server
ipads gen 4 (iOS 6)
EAP-TLS (windows machines) and PEAP (Other stuff, ipads, andriod etc) as authentications methods
The radius server is using a server certificate from thier own PKI infrastructure therefor i need to push the root certificate of their CA to the clients in order to verify the authentication server. For this I use the iphone/ipad configuration utility.
I use the Use Per-connection password option
User that are allowed to connect are placed in a specific group in there AD.
The problem that I have is:
When a user thats not allowed to connect tries to authenticate to the network the ipad says stop and thats the way it supposed to be.
BUT after someone has faild to authenticate to the network and somebody else tries to connect the ipad only ask for a password and not a username.
I cant seem to get rid of this popup and therefor the ipad cant connect.
If I don't use the profile I can forget about the network and after that i can connect with a different user.
But then i can't verify the server-certificate and use the option per-connection password!
Please help!
Has someone else seen this type of bug.
//SimonHi, I am new with 802.1x, and was hoping that someone would help with these queries:
1. How is a certificate requested without being allowed on a network that is not authenticated with 802.1x. I had to first connect to an active network, retrieve a certificate with the proper username and password, and then physically connect to the port on the 2950 switch which was enabled to do 802.1x
2. My config is as below:
aaa new-model
aaa authentication dot1x default group radius
aaa authenication login default group radius
dot1x system-auth-control
interface f0/1
switchport mode access
dot1x port-control auto
end
I able to login using the radius server, so radius is working (on ports other than f1/0). However when connecting to f1/0, the port on the 2950 remains blocked.
3. The certificate is issued by the ca server, is viewable via Internet explorer,and is issued to the correct username which is on the active directory.
I even tried using local authenication with 802.1x, this did not work
4. If I have a certificate, will this automatically give me access to the 802.1x port?
5. I have windows 2000, and authenication is set to 'Smart Card or other certificate.
Am I missing anything?
Any advise will be greatly appreciated
Chris -
EAP-TLS or PEAP authentication failed during SSL handshake
Hi Pros,
I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
When I check my log in the failed attemps, there is what I found:
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
Network Access Profile Name
Authen-Failure-Code
Author-Failure-Code
Author-Data
NAS-Port
NAS-IP-Address
Filter Information
PEAP/EAP-FAST-Clear-Name
EAP Type
EAP Type Name
Reason
Access Device
Network Device Group
06/23/2010
17:39:51
Authen failed
000e.9b6e.e834
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1101
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Networ
06/23/2010
17:39:50
Authen failed
[email protected]
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1098
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Network
[email protected] = my windows active directory name
1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
2. Why sometimes it just shows the MAC of the client for username?
3. Why it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
2. Secondly, When I check in pass authentications... there is what i saw
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
NAS-Port
NAS-IP-Address
Network Access Profile Name
Shared RAC
Downloadable ACL
System-Posture-Token
Application-Posture-Token
Reason
EAP Type
EAP Type Name
PEAP/EAP-FAST-Clear-Name
Access Device
Network Device Group
06/23/2010
17:30:49
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
06/23/2010
17:29:27
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
Thanks in advance for your help,
Crazy---Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
Let's brain storm together to figure out this guys.
Thanks in advance,
----Paul -
EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake
Hi All ,
I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
I have downloaded client supplicant certficate file for my windows XP machine .
When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..Hello,
I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
- Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification Authorities\Certificates
- Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
- Delete the wireless network from the computer
- REBOOT!!
- Open the Microsoft Management Console, “mmc”.
- Go FILE\Add Remove SnapIn. Select Certificates ..
- If promoted, do it for “My User Account”.
- Make sure the certificates are where you put them.
- If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification Authorities\Certificates, remove them.
- Redo wireless network setup again
I hope this helps you.
Mike -
EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve
We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
Thanks..Here are some configs you can try:
config advanced eap identity-request-timeout 120
config advanced eap identity-request-retries 20
config advanced eap request-timeout 120
config advanced eap request-retries 20
save config -
Airport Extreme: PEAP authentication failure when NAT is enabled
Setup: Airport Extreme firmware 5.6, Windows Admin Utility 5.2
Airport's WAN port connected to an internal network with Windows 2003 IAS RADIUS server; Airport's LAN port disconnected.
Windows XP client (using Microsoft zero-configuration client)
client and server set up to use PEAP authentication
If I set up the Airport in bridge mode (uncheck the "Distribute IP Addresses" box in the Network setup tab), the client can authenticate correctly and can obtain an IP address from a DHCP server on my internal network.
If I check the "Distribute IP Addresses" box, select "Share a single address with DHCP & NAT" and the 192.168.1.1/24 address range, the client can no longer authenticate. I haven't changed anything else on either the Airport or the RADIUS server.
Network traces taken on the wired (WAN) and wireless side of the Airport show that the first few exchanges of the EAP handshake go through fine, but the server's reply to the client's "TLS Hello" message are being blocked by the Airport. Up to that point, I don't see any significant difference between the exchanges with NAT enabled or disabled; it's just that the Airport passes the server's message to the client correctly when NAT is off and blocks it when NAT is on.
Airport Extreme Windows XPMy mistake - posted to the wrong forum! I've restarted the thread on the Airport Extreme forum.
-
PEAP Authentication before Login
Hello,
I try to use PEAP in our Wireless Enviorment.
Authentication works fine, but only when I'm always be logged in on the Machine (Logged in Localy).
What I want is PEAP Authentication run before the
Network Login so that all our LoginScript's runs.
Enviroment:
XP Client SP1 with GTC Login and Cisco PCMCIA
XP Client SP1 with MS-CHAP v2 and INTEL MINI PCI
Cisco ACS 3.2
AP 350
AP 1200
Could anyone help me?Yes, we have implemented the following with success :
Windows Client <==> Access Point <==> FW <==> Radius <==> Windows DC/AD
Windows OS : XP Client SP 1
Supplicant : Built-in Wireless Supplicant
Authentication : 802.1x PEAP(MS-Chapv2)
Access Point : Aironet 1200
Radius : ACS 3.2
Adaptors : 350 /340
CA : Microsoft
Once configured correctly, five phases of authentication will take place :
1st Authentication ==> Wireless Open/Shared Authentication
(transparent to user - activated by the wireless supplicant automatically)
2nd Authentication ==> 802.1x PEAP "computer account" authentication
(transparent to user - activated by wireless supplicant and enabling "authenticated when computer information")
3rd Authentication ==> "computer logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
4th Authentication ==> "user logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
5th Authentication ==> 802.1x PEAP "domain account" authentication
(transparent to user - activated by wireless supplicant and enabling wireless supplicant for PEAP-use my windows username and password)
- 2nd authentication will enable the computer have TCP/IP connectivity after 802.1x authenticates.
- 3rd authentication will allow the computer startup/group policies to load from DC/AD.
- 4th authentication will activate the user logon to load from DC/AD.
- Make sure "Authenticate as Computer when computer information is available on the wireless supplicant"
- Search for microsoft patches using the following keywords : wireless OR PEAP OR 802.1x OR WPA.
Especially those relating to DHCP.
- Use lastest IOS from Cisco. -
Hi
I've created a local EAP profile for PEAP authentication and configured user accounts in the WLCs. When I tried to connect to the SSID via my iPhone, popped up a certificate (local WiSM) and I accepted it then it failed with incorrect username/password. The same username/password works fine with Windows Vista laptop. Any help?
ThanksMay be just show local-auth config, show wlan x, show local-auth statistics.?
I am assuming you have only peap checked . ( and nothing else enabled like Server cert etc ). IPhone is it running latest code ?
Thanks..Salil -
Our company will soon roll out wireless (5500 controller and 1140 APs), we're going to utilize PEAP to authenticate agains Active Directory. To test things out, i used an old Aironet 1230 ap and a Win2k radius server. I was able to set up PEAP authentication, and my client, both a XP laptop and a Blackberry connected successfully but only with 128 bit WEP. It does not work with WPA/WPA2.
It seems like a client problem, perhaps on the client. "Enable IEEE 802.1x authentication for this network" setting is greyed out if I select WPA or WPA2. However, my Blackberry won't connect either, unless WEP is selected as the cipher.
What am I doing wrong?802.1x is for WEP encryption. If that is what you want to use with PEAP then you need to configure your client with Open and WEP, then you can select 802.1x. This would still allow you to use PEAP/LEAP/EAP-FAST.
If you want to use WPA/WPA2 encryption then select WPA/WPA2, then choose PEAP or Smart Card or Certificate. Since you choose WPA/WPA2 you are not needing 802.1x WEP.
What you are seeing is the proper way the client should function. On that first page you are defining the way that the data is going to be encrypted.
I hope this clears things up for you.
Please remember to rate for answers that help.
Seth
Maybe you are looking for
-
Hi, I have installed both Netweaver Java and ABAP edition on the same machine successfully. I can started both instances on the same time. No problem so far.... However, when trying WebDynpro ABAP, I got the system message "The runtime of WebDynpro A
-
Using new iPod on guest computer?
Hi there Just got an iPod for Christmas and I want to download some music. The trouble is that I am in Canada on my dad's computer, but I live in England and won't return there for another week. The user agreement that comes up when I hook the iPod u
-
I'm having abit of trouble creating a login can someone rune this code and see if it works JAVA DAO package SportsUserwebsite; import java.io.*; import java.sql.*; import javax.naming.*; import javax.sql.*; import java.util.*; public class SporticusU
-
Video Cameras What should I buy Panasonic or Sony?
I am looking to upgrade to a new camcorder from a Panasonic TM700 to either a Panasonic HC-X900M or a Sony HDRPJ760VE. The reason for the upgrade is because my TM700 will no longer switch off, making it necessary for me to detach the battery after ea
-
RAID performance is poor on the K8N NEO NF4 SLi mobo...why?
I reccently downloaded and purchased pcmark05 to keep tabs on my system performance, I have 2 wd800jb/se ide in raid'0', isn't there supposed to be a performance gain with using raid?, is it a hardware or software version of raid that is used with my