Re: PEAP based 802.1x LAN authentication
From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 04/06/05
- Previous message: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
- Maybe in reply to: Rodrigo Blanco: "PEAP based 802.1x LAN authentication"
- Next in thread: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 06 Apr 2005 12:04:52 -0500 To: <rodrigo.blanco.r@gmail.com>
OK, and so PEAP mechanism is trying to read it from Personal or you dont
know?
If PEAP is running under say the SYSTEM context then I would suspect it
probably has a problem finding that certificate store you refer to as
"Personal"
slawek
>>> Rodrigo Blanco <rodrigo.blanco.r@gmail.com> 4/6/2005 11:49 >>>
The CA cert is installed in the Trusted Root Certification
Authorities.
I installed the server cert with the "let Windows decide which
container to install the certificate in". It ended up in Personal.
On Apr 6, 2005 6:18 PM, Miroslaw Slawek Chorazy <mchorazy@depaul.edu>
wrote:
> Im not sure if you mentioned specifically or not where the
certificate
> that you had obtained ended up being installed at ?
> Is the certificate "siting" in the right container for the PEAP to
find
> it?
> Is the certificate in the Computer or User Store?
>
> slawek
>
> >>> Rodrigo Blanco <rodrigo.blanco.r@gmail.com> 4/6/2005 10:42 >>>
> Hello list,
>
> I am currently trying to configure an Active Directory (w2K server)
> both for windows auth and also as RADIUS server (IAS) for LAN 802.1x
> authentication. I have successfully tried 802.1x with auth methods
> such as PAP, CHAP... and now am trying to move to PEAP so I can have
> joint AD/802.1x auth. with a single logon.
>
> According to
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx
>
> I should install MS CA and generate a certificate for the win2K
server
> acting as AD/IAS.
>
> I do not want to use this CA, but openssl instead (XCA, in fact).
With
> this, I have created a certificate with key usage = Server auth and
> installed both the CA certificate and this certificate through the
> browser.
>
> When I try to configure PEAP in the IAS Dial-in profile, I get an
> error message stating: "A certificate could not be found that can be
> used with this Extensible Authentication Protocol". I think some key
> usage or extended key usage attributes must be missing, or that I
have
> created / installed the certificate wrong, but did not find the
> problem.
>
> Any help or ideas would be more than welcome.
>
> Thanks in advance,
> Rodrigo.
>
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
- Maybe in reply to: Rodrigo Blanco: "PEAP based 802.1x LAN authentication"
- Next in thread: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
