Cisco EAP-TLS w/Win2003 CA server

Discussion in 'Cisco' started by mmainer, Feb 16, 2005.

  1. mmainer

    mmainer Guest

    I'm having a hell of a time getting EAP-TLS working with a Microsoft
    CA issuing the Certs. I have PEAP working with no problems in the same
    environment (laptop WinXP, switch port Cisco Cat 4003, Cisco ACS Server
    3.2.3 and username Win2003 AD). I'm thinking that it has to do with
    how the CA server is issuing the User Cert and what AD is looking for
    from the Cert to authenticate it with a user. What I see from my client
    when trying to use EAP-TLS is "Attempting to authenticate"; it never
    fails or passes. I never see anything in the ACS logs that says Pass
    or Fail.

    Anyone else have this problem? I'm sure that I'm missing some very
    simple step or check box somewhere, but it's driving me crazy and I
    need some help.

    BTW, I have tried Cisco Test Certs from the following URL and
    wouldn't you know it works, so I know the environment is correct. Like
    I said, I think it is the Cert but I'm not sure how to fix it.

    http://www.cisco.com/en/US/netsol/n...ons_white_paper09186a008009256b.shtml#wp39021
     
    mmainer, Feb 16, 2005
    #1

  2. mmainer

    Albert Bank Guest

    We had a lab setup to compare various RADIUS solutions and discovered that
    this setup works best for us using FreeRADIUS on Linux.

    We created the certs using openssl; the only caveat is to add the proper
    usage in openssl.conf.
    Even the replication of certificates across various servers works like a
    charm.

    Hope that helps

    al
     
    Albert Bank, Feb 22, 2005
    #2
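
An added example, not part of either post: a throwaway OpenSSL CA that issues one server and one client certificate with role-specific `extendedKeyUsage` values, then checks each certificate against each role with `openssl verify -purpose`. It assumes the "proper usage" mentioned above means the EKU extension (the post does not name it); all file names, section names and subjects are constructed lab values.

```bash
#!/usr/bin/env bash
# Added example. All names, subjects and paths are constructed lab values.

# make_eap_pki DIR: create a throwaway CA plus one server and one client
# certificate in DIR, each carrying the EKU for its EAP-TLS role.
make_eap_pki() {
  local d="$1" role
  mkdir -p "$d" || return 1
  cat > "$d/eap.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
CN = overridden-by-subj
[ lab_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ eap_server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[ eap_client ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config "$d/eap.cnf" -extensions lab_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=Lab EAP Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  for role in server client; do
    openssl req -new -config "$d/eap.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=lab-$role" -keyout "$d/$role.key" -out "$d/$role.csr" \
      2>/dev/null || return 1
    openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 30 -extfile "$d/eap.cnf" -extensions "eap_$role" \
      -out "$d/$role.pem" 2>/dev/null || return 1
  done
}

# cert_ok_for PURPOSE CAFILE CERT: true only if CERT chains to CAFILE and
# its extensions allow PURPOSE (sslclient or sslserver).
cert_ok_for() {
  openssl verify -purpose "$1" -CAfile "$2" "$3" >/dev/null 2>&1
}

# Stand-alone run: ./script.sh /tmp/eap-lab  builds the PKI and reports roles.
if [ $# -eq 1 ] && make_eap_pki "$1"; then
  for c in server client; do
    for p in sslserver sslclient; do
      cert_ok_for "$p" "$1/ca.pem" "$1/$c.pem" && echo "$c.pem: ok for $p"
    done
  done
fi
```

`openssl verify -purpose` is only a local sanity check of the extensions; it does not reproduce how a particular supplicant or RADIUS server maps the certificate to a directory account.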