WLC PEAP authentication
Hi
I've created a local EAP profile for PEAP authentication and configured user accounts in the WLCs. When I tried to connect to the SSID via my iPhone, a certificate popped up (local WiSM); I accepted it, and then it failed with incorrect username/password. The same username/password works fine with a Windows Vista laptop. Any help?
Thanks
Maybe just show local-auth config, show wlan x, show local-auth statistics?
I am assuming you have only PEAP checked (and nothing else enabled, like Server cert etc.). Is the iPhone running the latest code?
Thanks..Salil
Similar Messages
-
EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve
We are running the LWAPP (2006 WLCs and 1242 APs) and using the ACS 4.0 for authentication. Our users are experiencing an issue where they are successfully authenticated the first time; however, as the number of them is increasing, they're starting to drop the connections and are being prompted to re-authenticate. At this point, they are not able to authenticate again.
We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"... Not sure if this error msg is relevant, since we have other WLCs that are working OK and still generating the same error msg on the ACS...
Thanks..
Here are some configs you can try:
config advanced eap identity-request-timeout 120
config advanced eap identity-request-retries 20
config advanced eap request-timeout 120
config advanced eap request-retries 20
save config
-
WLC user authentication and SSID broadcast
Hi Everyone,
Need to confirm if WLC is sending the ssid as broadcast or not?
Also if users connect if they get the ip from dhcp need to confirm how they are getting authenticated?
Regards
Mahesh
With respect to username you are correct.
But regarding authentication you cannot come to a conclusion like that; you have to see the full "show client detail". Here is an example of a PEAP-authenticated client. Authentication algorithm "Open System" does not mean the user does not use a password. For any EAP method the Authentication Algorithm shows as Open System, but the user still has to enter their credentials (except TLS, where it is certificate based).
(WLC) >show client detail 04:1e:64:13:f9:03
Client MAC Address............................... 04:1e:64:13:f9:03
Client Username ................................. smcowgill
AP MAC Address................................... c4:0a:cb:a0:e8:50
AP Name.......................................... APc464.13b4.4be8
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2
Hotspot (802.11u)................................ Not Supported
BSSID............................................ c4:0a:cb:a0:e8:51
Connected For ................................... 7520 secs
Channel.......................................... 1
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... No CCX support
Re-Authentication Timeout........................ 3284
802.1P Priority Tag.............................. 6
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... 54.0
Supported Rates.................................. 12.0,18.0,24.0,36.0,48.0,54.0
Mobility State................................... Foreign
Mobility Anchor IP Address....................... 10.14.7.247
Mobility Move Count.............................. 3
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. 0a0a06f400040f985228de2e
IPv4 ACL Name.................................... none
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Client Type...................................... SimpleIP
PMIPv6 State..................................... Unavailable
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... PEAP -
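The point made in the reply above, that Authentication Algorithm reads "Open System" even for an EAP client, can be checked from the other fields of show client detail. The following Python is an added example, not part of the original thread; the field values in the second (open SSID) sample, the PSK branch, and the treatment of N/A, None and Unknown as empty are assumptions.

```python
import re

# Subset of the fields from the `show client detail` output posted above.
PEAP_CLIENT = """\
Client MAC Address............................... 04:1e:64:13:f9:03
Client Username ................................. smcowgill
Authentication Algorithm......................... Open System
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
EAP Type......................................... PEAP
"""

# Constructed sample for contrast. The values shown for an SSID with no
# layer-2 security are an assumption, not taken from the page.
OPEN_CLIENT = """\
Client MAC Address............................... 00:11:22:33:44:55
Authentication Algorithm......................... Open System
Policy Manager State............................. RUN
Policy Type...................................... N/A
Encryption Cipher................................ None
EAP Type......................................... Unknown
"""

# "Label....... value": a label, a run of two or more dots, then the value.
FIELD_RE = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<value>.*)$")

# Values treated as "nothing configured" (assumption).
EMPTY = {"", "n/a", "none", "unknown", "not applicable"}


def parse_client_detail(text):
    """Turn the dotted 'label.... value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields


def _val(fields, key):
    value = fields.get(key, "")
    return "" if value.lower() in EMPTY else value


def auth_summary(fields):
    """Report how the client was really authenticated.

    'Authentication Algorithm' is only the 802.11 association step; the
    credential check shows up in the AKM / EAP Type / Policy Type fields.
    """
    akm = _val(fields, "Authentication Key Management")
    eap = _val(fields, "EAP Type")
    policy = _val(fields, "Policy Type")
    cipher = _val(fields, "Encryption Cipher")

    if "802.1x" in akm.lower() or eap:
        method = "802.1X/EAP"
    elif "psk" in akm.lower():
        method = "PSK"
    elif not policy and not cipher:
        method = "none (open SSID)"
    else:
        method = "undetermined"

    return {
        "dot11_algorithm": fields.get("Authentication Algorithm", ""),
        "method": method,
        "eap_type": eap,
        "policy": policy,
        "cipher": cipher,
        "username": fields.get("Client Username", ""),
        "authorized": fields.get("Policy Manager State") == "RUN"
        and fields.get("Security Policy Completed") == "Yes",
    }


if __name__ == "__main__":
    for name, sample in (("PEAP client", PEAP_CLIENT), ("open client", OPEN_CLIENT)):
        print(name, auth_summary(parse_client_detail(sample)))
```

Both samples report Open System as the 802.11 algorithm; only the first one carries an 802.1x key management value and an EAP type.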
Hi,
I configured a Cisco AP 1200 IOS with PEAP.
Hereby the AP Config:
aaa new-model
aaa group server radius rad_eap
server 192.168.4.58 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 arp-cache optional
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 184 key 1 size 128bit 7 xxxx transmit-key
encryption vlan 184 mode wep mandatory mic key-hash
encryption key 1 size 128bit 7 xxxxx transmit-key
encryption mode wep mandatory
broadcast-key vlan 184 change 3600
ssid test
vlan 184
authentication open eap eap_methods
authentication network-eap eap_methods
world-mode
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
dot1x reauth-period 1800
dot1x client-timeout 1800
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.184
encapsulation dot1Q 184
no ip route-cache
bridge-group 184
bridge-group 184 subscriber-loop-control
bridge-group 184 block-unknown-source
no bridge-group 184 source-learning
no bridge-group 184 unicast-flooding
bridge-group 184 spanning-disabled
interface FastEthernet0
no ip address
ip accounting output-packets
no ip route-cache
speed 100
full-duplex
interface FastEthernet0.3
encapsulation dot1Q 3 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.184
encapsulation dot1Q 184
no ip route-cache
bridge-group 184
no bridge-group 184 source-learning
bridge-group 184 spanning-disabled
interface BVI1
ip address 192.168.4.98 255.255.254.0
ip accounting output-packets
no ip route-cache
ip default-gateway 192.168.4.3
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
radius-server local
radius-server host 192.168.4.58 auth-port 1645 acct-port xxxx key xxx
radius-server timeout 120
radius-server deadtime 1200
radius-server domain-stripping
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 protocol ieee
bridge 1 route ip
bridge 184 protocol ieee
We're using a Cisco Wireless client adaptor with the latest ACU version fully installed and configured my client for PEAP. I also configured the Windows XP network settings appropriately.
The RADIUS we are using is a Cisco ACS 3.2.1. We used a Microsoft certificate for the server that we issued ourselves.
Without configuring security, the client can associate with the AP, but when we enable PEAP and I open the ACU status screen, the client associates with the AP, but cannot authenticate successfully. Status hangs on 'authenticating'. I don't see any traffic to the RADIUS server.
Who can help us?
Thanks in advance!
I just opened a TAC case on this one whereby I have already installed the latest client, made sure PEAP is installed, had the latest WAP image, network security setup on the ACU as per the documentation to select the "host base EAP(802.1x)" and select dynamic wep, then turned on debug options on the WAP to see the communication between the client and the WAP:
debug radius authentication
debug dot11 aaa dot1x process
debug dot11 aaa dot1x state-machine
Guess what... there is no communication between the client and the wap for authentication. You can see association and even get an ip address from dhcp but...
The advice as per the TAC engineer is to put in a Static WEP key for now and you should get the communication going. They have already noticed this on some calls and have not seen a bug case # assigned to it. They will be working on a fix for the next release. Once you do that you should see the RADIUS and 802.1x communication going on.
After doing this I can then concentrate on why I am not getting PEAP authenticated on our Funk Radius EE Server v4.7.
The other thing...remove the "authentication network-eap eap_methods" when you are doing PEAP. You enable that for LEAP so you have to create a different vlan for that.
I use 1812/1813 for the radius server.
:-) Ed -
EAP-TLS or PEAP authentication failed during SSL handshake
Hi Pros,
I am a newbie in the ACS 4.2 and EAP-TLS implementation. With that being said, I face an issue during an EAP-TLS implementation. My search shows that this kind of error message is usually a certificate issue; however, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-installed the certchain as well.
When I check my log in the failed attempts, here is what I found:
Field | Entry 1 | Entry 2
Date | 06/23/2010 | 06/23/2010
Time | 17:39:51 | 17:39:50
Message-Type | Authen failed | Authen failed
User-Name | 000e.9b6e.e834 | [email protected]
Group-Name | Default Group | Default Group
Caller-ID | 000e.9b6e.e834 | 000e.9b6e.e834
Network Access Profile Name | (Default) | (Default)
Authen-Failure-Code | EAP-TLS or PEAP authentication failed during SSL handshake | EAP-TLS or PEAP authentication failed during SSL handshake
Author-Failure-Code | |
Author-Data | |
NAS-Port | 1101 | 1098
NAS-IP-Address | 10.111.22.24 | 10.111.22.24
Filter Information | |
PEAP/EAP-FAST-Clear-Name | |
EAP Type | 25 | 25
EAP Type Name | MS-PEAP | MS-PEAP
Reason | |
Access Device | wbr-1121-zozo-test | wbr-1121-zozo-test
Network Device Group | Office Networ | Office Network
[email protected] = my Windows Active Directory name
1. Why under EAP-TYPE does it show MS-PEAP, not EAP-TLS? I did configure EAP-TLS....
2. Why does it sometimes just show the MAC of the client for username?
3. Why does it put me in DEFAULT-GROUP even though I belong to a group well defined in the ACS?
2. Secondly, when I check in passed authentications... here is what I saw:
Field | Entry 1 | Entry 2
Date | 06/23/2010 | 06/23/2010
Time | 17:30:49 | 17:29:27
Message-Type | Authen OK | Authen OK
User-Name | groszozo | groszozo
Group-Name | NOC Tier 2 | NOC Tier 2
Caller-ID | 10.11.10.105 | 10.11.10.105
NAS-Port | 1 | 1
NAS-IP-Address | 10.111.22.24 | 10.111.22.24
Network Access Profile Name | (Default) | (Default)
Shared RAC | |
Downloadable ACL | |
System-Posture-Token | |
Application-Posture-Token | |
Reason | |
EAP Type | |
EAP Type Name | |
PEAP/EAP-FAST-Clear-Name | |
Access Device | wbr-1121-zozo-test | wbr-1121-zozo-test
Network Device Group | Office Network | Office Network
In the output below, it says that the user is authenticated and it puts the user in the right group with the right username, but the user never really authenticates. Maybe for the first few seconds when I initiate the connection.
Before I forget, the supplicant is using WIN XP and 802.1x is enabled. I even uncheck not verify the server and the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
Thanks in advance for your help,
Crazy
---
Any ideas on this, guys?? On my end, I've been reading some docs... Things started to make sense to me, but I still cannot authenticate, still the same errors. One more thing that catches my attention now is the time it takes to open a telnet session to a Cisco device which has the ACS for auth server.
My AD (Active Directory) and the ACS server are local, same subnet (server subnet). Ping to the ACS from my desktop, which is in a different subnet, only takes 1ms. To confirm that the issue is the ACS server, I decided to use another server in a remote location; the telnet connection is way faster than the local ACS.
Let's brainstorm together to figure this out, guys.
Thanks in advance,
----Paul -
EAP-TLS & ACE Appliance "EAP-TLS or PEAP authentication failed"
Hello - I have a version 3.2 of the ACS appliance and I am trying to set up a successful test of EAP-TLS. I have a W2K server for a CA and I believe I have the certificate install properly. However, I get the "EAP-TLS or PEAP authentication failed during SSL handshake" error message in my failed attempts log. The troubleshooting document tells me to look at the CSAuth.log file but I can't seem to find in on the ACS Appliance.
Does anyone have any ideas how to troubleshoot this problem with the appliance?
If the client's certificate on the ACS is invalid (which depends on the certificate's valid "from" and "to" dates, the server's date and time settings, and CA trust), then the server will reject it and authentication will fail. The ACS will log the failed authentication in the web interface under Reports and Activity > Failed Attempts > Failed Attempts XXX.csv with the Authentication Failure-Code similar to "EAP-TLS or PEAP authentication failed during SSL handshake." If the ACS rejects the client's certificate because the ACS does not trust the CA, the expected error message in the CSAuth.log file is similar to the following.
AUTH 06/04/2003 15:47:43 E 0345 1696 EAP: ProcessResponse:
SSL handshake failed, status = 3 (SSL alert fatal:unknown CA certificate)
If the ACS rejects the client's certificate because the certificate has expired, the expected error message in the CSAuth.log file is similar to the following.
AUTH 06/04/2005 15:02:08 E 0345 1692 EAP: ProcessResponse:
SSL handshake failed, status = 3 (SSL alert fatal:certificate expired)
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml -
EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake
Hi All ,
I am trying to test EAP_TLS authentication on ACS 4.2.1.15 running on Appliance 1120. I have installed my server certificate along with the CA certificate on my appliance box, and I have enabled the EAP_TLS features under global authentication setup.
I have downloaded the client supplicant certificate file for my Windows XP machine.
When I tried to authenticate, I am finding the following error message under failed attempts (EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my ACS appliance box.
Under certificate revocation list, I have forced my CA as CRL in use. Attached snapshot of all.
Suggest me whether I need to enable all corresponding CA certificates under certificate trust list. Kindly let me know where I am doing wrong on this..
Hello,
I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
- Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification Authorities\Certificates
- Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
- Delete the wireless network from the computer
- REBOOT!!
- Open the Microsoft Management Console, “mmc”.
- Go FILE\Add Remove SnapIn. Select Certificates ..
- If prompted, do it for “My User Account”.
- Make sure the certificates are where you put them.
- If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification Authorities\Certificates, remove them.
- Redo wireless network setup again
I hope this helps you.
Mike -
EAP-TLS or PEAP authentication failed during SSL handshake error
I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
Thanks for the help
My experience suggests that the problem is the certificate.
I'm running ACS 3.3.
I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
Correctly following the instructions led to a successful connection and no more error message. -
I have some problems with peap authentication. Here debug of my AP:
Mar 13 09:50:39 10.15.1.14 2370: *Mar 1 19:24:18.889: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Mar 13 09:50:39 10.15.1.14 2371: *Mar 1 19:24:18.890: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001a.73ff.a214
Mar 13 09:50:39 10.15.1.14 2372: *Mar 1 19:24:18.890: dot11_auth_dot1x_send_id_req_to_client: Client 001a.73ff.a214 timer started for 30 seconds
Mar 13 09:51:03 10.15.1.14 2373: *Mar 1 19:24:43.549: dot11_auth_parse_client_pak: Received EAPOL packet from 001a.73ff.a214
Mar 13 09:51:03 10.15.1.14 2374: *Mar 1 19:24:43.549: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001a.73ff.a214
Mar 13 09:51:03 10.15.1.14 2375: *Mar 1 19:24:43.549: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001a.73ff.a214
Mar 13 09:51:03 10.15.1.14 2376: *Mar 1 19:24:43.550: dot11_auth_dot1x_send_id_req_to_client: Client 001a.73ff.a214 timer started for 30 seconds
Mar 13 09:51:03 10.15.1.14 2377: *Mar 1 19:24:43.554: dot11_auth_parse_client_pak: Received EAPOL packet from 001a.73ff.a214
Mar 13 09:51:03 10.15.1.14 2378: *Mar 1 19:24:43.554: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001a.73ff.a214
Mar 13 09:51:04 10.15.1.14 2379: *Mar 1 19:24:43.554: dot11_auth_dot1x_send_response_to_server: Sending client 001a.73ff.a214 data to server
Mar 13 09:51:04 10.15.1.14 2380: *Mar 1 19:24:43.554: AAA/AUTHEN/PPP (00000159): Pick method list 'eap_methods'
Mar 13 09:51:04 10.15.1.14 2381: *Mar 1 19:24:43.554: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Mar 13 09:51:25 10.15.1.14 2382: *Mar 1 19:25:05.371: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
Mar 13 09:51:25 10.15.1.14 2383: *Mar 1 19:25:05.371: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Mar 13 09:51:25 10.15.1.14 2384: *Mar 1 19:25:05.372: Client 001a.73ff.a214 failed: EAP reason 1
Mar 13 09:51:25 10.15.1.14 2385: *Mar 1 19:25:05.372: dot11_auth_dot1x_parse_aaa_resp: Failed client 001a.73ff.a214 with aaa_req_status_detail 1
Mar 13 09:51:25 10.15.1.14 2386: *Mar 1 19:25:05.372: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 001a.73ff.a214
Mar 13 09:51:25 10.15.1.14 2387: *Mar 1 19:25:05.372: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001a.73ff.a214
Mar 13 09:51:25 10.15.1.14 2388: *Mar 1 19:25:05.373: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Mar 13 09:51:26 10.15.1.14 2389: *Mar 1 19:25:05.373: dot11_auth_dot1x_send_client_fail: Authentication failed for 001a.73ff.a214
Mar 13 09:51:26 10.15.1.14 2390: *Mar 1 19:25:05.373: %DOT11-7-AUTH_FAILED: Station 001a.73ff.a214 Authentication failed
Mar 13 09:51:27 10.15.1.14 2391: *Mar 1 19:25:06.611: AAA/BIND(0000015A): Bind i/f
In the IAS log I can find requests, and access is permitted.
What is the problem?
Thank you for your help!
Answering partially your second question, 'Authenticate as Computer when Computer Information Available' is required to enable machine authentication and the same has to be enabled on the ACS server also.
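An added example (not from the original posts) that turns the AP debug output above into a per-client timeline: how long the client took to answer the identity request, how many requests went to the RADIUS server, and how long the server took to answer. It assumes one authentication in flight at a time, because the server-response lines carry no client MAC, and that all lines fall on the same day.

```python
import re

# Excerpt of the AP debug output posted above (syslog prefix + IOS debug line).
SAMPLE_LOG = """\
Mar 13 09:50:39 10.15.1.14 2371: *Mar 1 19:24:18.890: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001a.73ff.a214
Mar 13 09:50:39 10.15.1.14 2372: *Mar 1 19:24:18.890: dot11_auth_dot1x_send_id_req_to_client: Client 001a.73ff.a214 timer started for 30 seconds
Mar 13 09:51:03 10.15.1.14 2373: *Mar 1 19:24:43.549: dot11_auth_parse_client_pak: Received EAPOL packet from 001a.73ff.a214
Mar 13 09:51:03 10.15.1.14 2375: *Mar 1 19:24:43.549: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001a.73ff.a214
Mar 13 09:51:04 10.15.1.14 2379: *Mar 1 19:24:43.554: dot11_auth_dot1x_send_response_to_server: Sending client 001a.73ff.a214 data to server
Mar 13 09:51:04 10.15.1.14 2381: *Mar 1 19:24:43.554: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Mar 13 09:51:25 10.15.1.14 2382: *Mar 1 19:25:05.371: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
Mar 13 09:51:25 10.15.1.14 2384: *Mar 1 19:25:05.372: Client 001a.73ff.a214 failed: EAP reason 1
Mar 13 09:51:26 10.15.1.14 2390: *Mar 1 19:25:05.373: %DOT11-7-AUTH_FAILED: Station 001a.73ff.a214 Authentication failed
"""

# The AP's own timestamp ("*Mar 1 19:24:18.890:") is used, not the syslog
# receive time, because it has millisecond resolution.
DEVICE_TS_RE = re.compile(
    r"\*[A-Z][a-z]{2}\s+\d+\s+(\d\d):(\d\d):(\d\d)\.(\d{3}):\s+(.*)$"
)


def events(log):
    """Yield (milliseconds_since_midnight, message) for each debug line."""
    for line in log.splitlines():
        m = DEVICE_TS_RE.search(line)
        if not m:
            continue
        h, mi, s, ms = (int(m.group(i)) for i in range(1, 5))
        yield ((h * 60 + mi) * 60 + s) * 1000 + ms, m.group(5)


def summarize(log, mac):
    """Build a timeline summary of one client's 802.1X attempt."""
    out = {
        "identity_requests": 0,
        "client_first_reply_ms": None,  # first identity request -> first EAPOL
        "server_requests": 0,           # client messages relayed to RADIUS
        "server_timeout_s": None,
        "server_wait_ms": None,         # last relay -> server verdict
        "result": None,
        "eap_reason": None,
    }
    first_id_req = None
    sent_to_server = None  # time of the request still waiting for a reply

    for ts, msg in events(log):
        about_client = mac in msg
        if about_client and "Sending identity request" in msg:
            out["identity_requests"] += 1
            if first_id_req is None:
                first_id_req = ts
        elif about_client and "Received EAPOL packet" in msg:
            if first_id_req is not None and out["client_first_reply_ms"] is None:
                out["client_first_reply_ms"] = ts - first_id_req
        elif about_client and "data to server" in msg:
            out["server_requests"] += 1
            sent_to_server = ts
        elif sent_to_server is not None and (
            m := re.search(r"server_timeout (\d+) seconds", msg)
        ):
            out["server_timeout_s"] = int(m.group(1))
        elif sent_to_server is not None and (
            m := re.search(r"Received server response: (\w+)", msg)
        ):
            out["result"] = m.group(1)
            out["server_wait_ms"] = ts - sent_to_server
            sent_to_server = None
        elif about_client and (m := re.search(r"failed: EAP reason (\d+)", msg)):
            out["eap_reason"] = int(m.group(1))
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, "001a.73ff.a214").items():
        print(f"{key}: {value}")
```

On this excerpt the summary shows a single request relayed to the server and a FAIL verdict returned about 21.8 seconds later, inside the 60 second server timer.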
-
Strip domain name in PEAP Authentication
Is there any chance to strip domain name (domain\username) in PEAP Authentication?
We need to configure the proxy distribution to strip the domain name from the username
before checking the database. Lets say Our domain name is SERVNET. We need to have
configured Character String "SERVNET\ " , Position "Prefix" , Strip "Yes " Forward to
local server. When the users authenticate via 802.1x (PEAP), the domain name is stripped
from the username.
Also please checkout this bug CSCeg01533 before you try it.
Regards,
~JG
Do rate helpful posts -
Airport Extreme: PEAP authentication failure when NAT is enabled
Setup: Airport Extreme firmware 5.6, Windows Admin Utility 5.2
Airport's WAN port connected to an internal network with Windows 2003 IAS RADIUS server; Airport's LAN port disconnected.
Windows XP client (using Microsoft zero-configuration client)
client and server set up to use PEAP authentication
If I set up the Airport in bridge mode (uncheck the "Distribute IP Addresses" box in the Network setup tab), the client can authenticate correctly and can obtain an IP address from a DHCP server on my internal network.
If I check the "Distribute IP Addresses" box, select "Share a single address with DHCP & NAT" and the 192.168.1.1/24 address range, the client can no longer authenticate. I haven't changed anything else on either the Airport or the RADIUS server.
Network traces taken on the wired (WAN) and wireless side of the Airport show that the first few exchanges of the EAP handshake go through fine, but the server's reply to the client's "TLS Hello" message is being blocked by the Airport. Up to that point, I don't see any significant difference between the exchanges with NAT enabled or disabled; it's just that the Airport passes the server's message to the client correctly when NAT is off and blocks it when NAT is on.
Airport Extreme Windows XP
My mistake - posted to the wrong forum! I've restarted the thread on the Airport Extreme forum.
-
PEAP Authentication before Login
Hello,
I try to use PEAP in our wireless environment.
Authentication works fine, but only when I'm already logged in on the machine (logged in locally).
What I want is for PEAP authentication to run before the
network login so that all our login scripts run.
Environment:
XP Client SP1 with GTC Login and Cisco PCMCIA
XP Client SP1 with MS-CHAP v2 and INTEL MINI PCI
Cisco ACS 3.2
AP 350
AP 1200
Could anyone help me?
Yes, we have implemented the following with success :
Windows Client <==> Access Point <==> FW <==> Radius <==> Windows DC/AD
Windows OS : XP Client SP 1
Supplicant : Built-in Wireless Supplicant
Authentication : 802.1x PEAP(MS-Chapv2)
Access Point : Aironet 1200
Radius : ACS 3.2
Adaptors : 350 /340
CA : Microsoft
Once configured correctly, five phases of authentication will take place :
1st Authentication ==> Wireless Open/Shared Authentication
(transparent to user - activated by the wireless supplicant automatically)
2nd Authentication ==> 802.1x PEAP "computer account" authentication
(transparent to user - activated by wireless supplicant and enabling "authenticated when computer information")
3rd Authentication ==> "computer logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
4th Authentication ==> "user logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
5th Authentication ==> 802.1x PEAP "domain account" authentication
(transparent to user - activated by wireless supplicant and enabling wireless supplicant for PEAP-use my windows username and password)
- 2nd authentication will enable the computer have TCP/IP connectivity after 802.1x authenticates.
- 3rd authentication will allow the computer startup/group policies to load from DC/AD.
- 4th authentication will activate the user logon to load from DC/AD.
- Make sure "Authenticate as Computer when computer information is available on the wireless supplicant"
- Search for microsoft patches using the following keywords : wireless OR PEAP OR 802.1x OR WPA.
Especially those relating to DHCP.
- Use latest IOS from Cisco. -
PEAP Authentication Aironet 12.2(13)JA
Does anyone know where I can find documentation on configuring PEAP authentication on Aironet software version 12.2(13)JA? Thanks.
Does the following URL work for you?
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_technical_reference_chapter09186a008025d6ee.html
As the file in PDF format is larger than the limit on NetPro, please send me an e-mail @ [email protected] if you do not have access to the above URL. -
Security and Network Management: EAP-PEAP AUTHENTICATION
Hi,
does someone have the example of the implementation of EAP-PEAP authentication on a Cisco Aironet 1242 AP?
I'm trying to make the configuration of one, but not succeeding.
Jorge
example with eap:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
Do not forget: Check Open Authentication (With EAP). -
Nokia Belle - EAP-PEAP authentication without Cert...
Its time for my half yearly bickering about the still non-support for EAP-PEAP authentication without server Certificates on Symbian Phone.
Here is my last thread begging for help from Nokia when Anna was released.
/t5/Software-Updates/EAP-PEAP-Authentication-without-Certificate-Is-it-fixed-in/td-p/1072133
My question remains the same. Does the new Nokia Belle support EAP-PEAP authentication without the requirement that a server certificate be present?
I have been living a life of ridicule and becomes an object of jokes and punchlines in office when it comes to the Phone that I carry. Lot of people now don't even know that there is company called Nokia. And when I tell them about it that say "Are you the guy carrying the phone that does not connect to our corporate network?".
If you read that earlier thread you know that none of the exotic workaround that some have been able to do, does not work with my office as our network administration has not installed any server certificate whatsoever on the access point.
I am fed up of hearing from Nokia techs that this is supposed to be the secure and right way of doing things. When every other device, every smartphone, tablet, laptop supports this way of connecting to an EAP-PEAP access point, why does Nokia have to keep this stance?
Nokia has kept everything open on the Nokia N8, it has everything that a anyone can ask for in a smartphone, so why is Nokia so adamant on this small matter of not requiring a server certificate?
Now that the WP7 line of Lumia devices are in the market can someone tell me if the problem exists on those phones too. I wont be surprised if this restriction is still there.
With Nokia going downhill so fast it does not help with this kind of attitude towards diehard Nokia followers.
Can someone from Nokia tech say once and for all if I can ever expect this thing to be fixed?
raman
ramany wrote:
What should be an appropriate title for this thread. There was an older thread for the same that i started six months back when Anna was released. So i this expecting something to happen with Belle.
If nothing happens I will probably start a new one when future updates to Symbian in Clara. Donna, Emma, Florina, Georgia, Hanna, Isabelle, Jenna, Kate, Linda, Marie, Nancy, Olivia, Patty, Quinn, Rita, Sabina, Terry, Uma, Vega, Wyome, Xandra, Yetta and Zoe are released.
I hope Symbian (Nokia) lasts that long, but the support of this comes in Belle.
I see no jokes yet...common guys.isn't anyone subjected to jokes because of this.
At least give me some so i can feed more to the one going around.
Well, I believe the example of EAP-TTLS + PAP authentication isn't 'without certificates'... it does use certificates, but EAP-TTLS + PAP just doesn't happen to be a supported authentication method with recent Symbian phones.
I'm not any sort of wireless authentication guru, but there's probably a better, more precise description of the authentication support (probably a few methods) that's currently missing in Symbian.
And a couple more details for some wireless authentication methods... I believe Windows users typically have to grab a third-party 'securew2' utility to support some of the more robust (read better, more secure) authentication methods for some networks.
I think one of the more valid arguments for EAP-TTLS + PAP in general, is that I believe it may be part of the 'Eduroam' standard, although MSCHAPv2 may also be substituted for PAP, IIRC... but again, I'm not a wireless authentication guru.
In any case, if well-known, widely-implemented (or soon to be implemented, for good reason) authentication methods aren't supported in Symbian, it just makes Symbian just looks a bit ridiculous and irrelevant.
Your previous thread was quite good, and it may make sense to keep bumping that thread for updates periodically. I noticed that someone mentioned an MSCHAPv2 scenario in that thread, but again... that's not actually helpful for resolving EAP-TTLS + PAP support, and I think that there's probably a concise way to describe the current 'missing authentication methods support' in Symbian.
It continues to baffle me how Nokia seems to have such a quiet, secretive presence on these forums, when I think it would make much more sense to publicly acknowledge relevant threads/discussions, and make a statement about planned fixes, updates, etc... rather than just have people wonder if/when Nokia is paying any attention to the discussions here.