RE: PEAP based 802.1x LAN authentication
From: Neal (Neal_at_nkdavis.com)
Date: 04/06/05
- Previous message: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
- Maybe in reply to: Rodrigo Blanco: "PEAP based 802.1x LAN authentication"
- Next in thread: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Apr 2005 22:21:10 +0100 To: "Rodrigo Blanco" <rodrigo.blanco.r@gmail.com>, "Miroslaw Slawek Chorazy" <mchorazy@depaul.edu>
Ensure the server cert is in the Personal container in "Certificates -
(Local Computer)" and not "Certificates - Current User" on the IAS
server. You can easily copy and paste the cert between stores if it is
in the wrong one. Also have you ensured the CA Cert is in the Trusted
Root Certification Authorities store on both the IAS Server and the
clients?
Regards
Neal
-----Original Message-----
From: Rodrigo Blanco [mailto:rodrigo.blanco.r@gmail.com]
Sent: 06 April 2005 17:49
To: Miroslaw Slawek Chorazy
Cc: focus-ms@securityfocus.com; rodrigob@myway.com
Subject: Re: PEAP based 802.1x LAN authentication
The CA cert is installed in the Trusted Root Certification Authorities.
I installed the server cert with the "let Windows decide which
container to install the certificate in". It ended up in Personal.
On Apr 6, 2005 6:18 PM, Miroslaw Slawek Chorazy <mchorazy@depaul.edu>
wrote:
> Im not sure if you mentioned specifically or not where the certificate
> that you had obtained ended up being installed at ?
> Is the certificate "siting" in the right container for the PEAP to
find
> it?
> Is the certificate in the Computer or User Store?
>
> slawek
>
> >>> Rodrigo Blanco <rodrigo.blanco.r@gmail.com> 4/6/2005 10:42 >>>
> Hello list,
>
> I am currently trying to configure an Active Directory (w2K server)
> both for windows auth and also as RADIUS server (IAS) for LAN 802.1x
> authentication. I have successfully tried 802.1x with auth methods
> such as PAP, CHAP... and now am trying to move to PEAP so I can have
> joint AD/802.1x auth. with a single logon.
>
> According to
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S
erverHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx
>
> I should install MS CA and generate a certificate for the win2K server
> acting as AD/IAS.
>
> I do not want to use this CA, but openssl instead (XCA, in fact). With
> this, I have created a certificate with key usage = Server auth and
> installed both the CA certificate and this certificate through the
> browser.
>
> When I try to configure PEAP in the IAS Dial-in profile, I get an
> error message stating: "A certificate could not be found that can be
> used with this Extensible Authentication Protocol". I think some key
> usage or extended key usage attributes must be missing, or that I have
> created / installed the certificate wrong, but did not find the
> problem.
>
> Any help or ideas would be more than welcome.
>
> Thanks in advance,
> Rodrigo.
>
>
------------------------------------------------------------------------
--- > ------------------------------------------------------------------------ --- > > ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
- Maybe in reply to: Rodrigo Blanco: "PEAP based 802.1x LAN authentication"
- Next in thread: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
