We have been coerced into having the county's supplied Cisco wireless network. This in itself is ok(ish), but because the controller is centrally hosted we are having a few problems getting it going.
We are using PEAP and EAP-MSCHAP V2 in the security settings. So we can stop all and sundry using the network, the clients are set up to use computer-only authentication when setting up the wireless session (Win 7) or computer when available (Win XP); certificate validation is unchecked.
In addition the controller is accessing our AD via a trust (this in itself seems to work according to our network guy in the county).
Despite this the session fails to set up and pops up a window demanding user authentication. If I look at the logs the failure is around the trusting of certificates - our clients don't trust the Cisco controller certificate.
I'm not familiar with the SSL protocol handshakes but I thought unchecking the certificate validation would stop this.
Help would be much appreciated.
Finally got it sorted both in my own mind and on the PC.
For anyone who is interested, 802.1x authentication depends on certificates - if the server uses generally available ones, ok, but if, as in our case, the certificate is a self-certified one you will need to import it into the "trusted root certificates" store on the PC.
The validate server certificates button only forces the PC to check that the certificate it has received matches the one in the store and, most importantly, is still valid. If you do not have access to the supplier of the certificate do not tick this.
You can import the certificate in (as far as I know) 3 ways:
Copying the certificate to the PC and double-clicking it
Opening up the MMC, starting the certificates snap-in and importing the certificate
Via a GPO, in the Windows wireless security setting in the computer part of the policy
Last edited by Hedghog; 21st June 2012 at 01:34 PM. Reason: layout
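The certificate import described in the post above, scripted in PowerShell as an added example that is not part of the original thread: it checks the certificate file's thumbprint and validity dates before adding it to the computer's Trusted Root store. The file path and expected thumbprint are placeholders to be replaced with values obtained from whoever runs the controller, and the script assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example (not from the thread). Placeholders, to be replaced:
#   $CertPath           - hypothetical location of the exported controller certificate
#   $ExpectedThumbprint - thumbprint confirmed out-of-band with the certificate's owner
param(
    [string]$CertPath           = 'C:\Temp\controller.cer',
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-CONTROLLER-ADMIN>'
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Normalise the expected value (certificate dialogs show it with spaces).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# Refuse a certificate that is not yet valid or has expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# A self-signed certificate has identical Subject and Issuer. If they differ,
# the issuing CA's certificate is what belongs in the root store.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Issued by '$($cert.Issuer)'; consider importing that CA certificate instead."
}

# Add to the computer-wide Trusted Root store, since machine authentication
# runs before any user has logged on.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $existing = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($existing.Count -eq 0) {
        $store.Add($cert)
        Write-Output "Imported $($cert.Subject) (expires $($cert.NotAfter))."
    } else {
        Write-Output "Certificate already present in LocalMachine\Root."
    }
} finally {
    $store.Close()
}
```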