Re: PEAP Wireless Access for Mac OS X

From: Jim Seifert [MSFT] (jimsei_at_online.microsoft.com)
Date: 03/16/05

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Kerberos protocol transition is not working over DCOM"
    Date: Wed, 16 Mar 2005 13:30:14 -0800
    
    

    Automatic certificate deployment is something that only works with Windows
    clients. With those clients group policy and a Windows 2003 server you can
    automate certificate enrollment but this is not supported for third party
    clients.

    -- 
    Please do not send e-mail directly to this alias. This alias is for 
    newsgroup purposes only.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Steven Kane" <StevenKane@discussions.microsoft.com> wrote in message 
    news:CCBD3066-6302-4384-B2AE-D6E2505591C2@microsoft.com...
    > We are using a Micrsoft IAS server as our Radius authority, and are
    > attempting to set up PEAP authentication for our wireless network.  On a 
    > PC,
    > the setup seems to work perfectly: the computer sees the wireless network,
    > attempts to authenticate, accepts our certificate and the user is prompted
    > for their network username and password.
    >
    > On a Mac OS 10.3.7 computer, however, the computer sees the wireless 
    > network
    > and although we specify an 802.1x connection, the Mac does not prompt to
    > accept the certificate but rather immediately rejects the computer.  This 
    > is
    > the error that shows up in the Event Log for the IAS server:
    >
    > *************************************
    > User username was denied access.
    > Fully-Qualified-User-Name = GARNET\username
    > NAS-IP-Address = 10.10.10.10
    > NAS-Identifier = ap
    > Called-Station-Identifier = xxxx.xxxx.xxxx
    > Calling-Station-Identifier = xxxx.xxxx.xxxx
    > Client-Friendly-Name = AP PEAP Test
    > Client-IP-Address = 10.10.10.10
    > NAS-Port-Type = Wireless - IEEE 802.11
    > NAS-Port = 266
    > Proxy-Policy-Name = Use Windows authentication for all users
    > Authentication-Provider = Windows
    > Authentication-Server = <undetermined>
    > Policy-Name = Allow Wireless PEAP Access (Test 1)
    > Authentication-Type = PEAP
    > EAP-Type = <undetermined>
    > Reason-Code = 16
    > Reason = Authentication was not successful because an unknown user name or
    > incorrect password was used.
    > *******************************************
    >
    > We are using a self-signed certificate, and the goal is to get the Mac to
    > prompt users to accept the certificate and then authenticate to our IAS
    > server.  The Mac does work when we download the certificate, transfer it 
    > to
    > the computer, and import it into the keychain, but we are trying to avoid
    > forcing the user to connect to the wired network before using the wireless
    > network.
    >
    > If anyone has any suggestions, we would love to hear about them. 
    

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Kerberos protocol transition is not working over DCOM"

    Relevant Pages

    • Re: Need help configuring Wireless Connection profile
      ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless ... Vaillancourt,4155,1,4154,Use Windows authentication for all ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
      (microsoft.public.windowsxp.general)
    • Re: Need help configuring Wireless Connection profile
      ... "point" the info of the Radius authentication to your current Radius server. ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
      (microsoft.public.windowsxp.general)
    • Re: OWA 2003 w/ Smart Card Authentication.
      ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
      (microsoft.public.exchange.connectivity)
    • Need help configuring Wireless Connection profile
      ... I have an SBS 2003 server and a Server 2003 member server set up using RADIUS ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP ... Certificate Services ...
      (microsoft.public.windowsxp.general)
    • Re: Need help configuring Wireless Connection profile
      ... "point" the info of the Radius authentication to your current Radius server. ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
      (microsoft.public.windowsxp.general)