Re: PEAP Wireless Access for Mac OS X
From: Jim Seifert [MSFT] (jimsei_at_online.microsoft.com)
Date: 03/16/05
- Previous message: Petteri Stenius: "Re: Kerberos protocol transition is not working over DCOM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Mar 2005 13:30:14 -0800
Automatic certificate deployment is something that only works with Windows
clients. With those clients group policy and a Windows 2003 server you can
automate certificate enrollment but this is not supported for third party
clients.
-- Please do not send e-mail directly to this alias. This alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. "Steven Kane" <StevenKane@discussions.microsoft.com> wrote in message news:CCBD3066-6302-4384-B2AE-D6E2505591C2@microsoft.com... > We are using a Micrsoft IAS server as our Radius authority, and are > attempting to set up PEAP authentication for our wireless network. On a > PC, > the setup seems to work perfectly: the computer sees the wireless network, > attempts to authenticate, accepts our certificate and the user is prompted > for their network username and password. > > On a Mac OS 10.3.7 computer, however, the computer sees the wireless > network > and although we specify an 802.1x connection, the Mac does not prompt to > accept the certificate but rather immediately rejects the computer. This > is > the error that shows up in the Event Log for the IAS server: > > ************************************* > User username was denied access. > Fully-Qualified-User-Name = GARNET\username > NAS-IP-Address = 10.10.10.10 > NAS-Identifier = ap > Called-Station-Identifier = xxxx.xxxx.xxxx > Calling-Station-Identifier = xxxx.xxxx.xxxx > Client-Friendly-Name = AP PEAP Test > Client-IP-Address = 10.10.10.10 > NAS-Port-Type = Wireless - IEEE 802.11 > NAS-Port = 266 > Proxy-Policy-Name = Use Windows authentication for all users > Authentication-Provider = Windows > Authentication-Server = <undetermined> > Policy-Name = Allow Wireless PEAP Access (Test 1) > Authentication-Type = PEAP > EAP-Type = <undetermined> > Reason-Code = 16 > Reason = Authentication was not successful because an unknown user name or > incorrect password was used. > ******************************************* > > We are using a self-signed certificate, and the goal is to get the Mac to > prompt users to accept the certificate and then authenticate to our IAS > server. The Mac does work when we download the certificate, transfer it > to > the computer, and import it into the keychain, but we are trying to avoid > forcing the user to connect to the wired network before using the wireless > network. > > If anyone has any suggestions, we would love to hear about them.
- Previous message: Petteri Stenius: "Re: Kerberos protocol transition is not working over DCOM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
