Re: PEAP auth with Verisign
From: Mark Gamache (mark.gamache_at_css-security.com)
Date: 02/02/05
- Next message: hack123_at_hotmail.com: "Re: WINSK3 Active Directory, IAS, Dlink AP's, Best way and how to with win98"
- Previous message: Mark Gamache: "Re: WINSK3 Active Directory, IAS, Dlink AP's, Best way and how to with win98"
- In reply to: symbol123: "PEAP auth with Verisign"
- Next in thread: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 1 Feb 2005 17:19:57 -0800
I'd verify that they Verisign cert is installed in the IAS server's machine
store. It may have auto imported into your personal store when you imported
it. I'd also make sure that the client machine trusts the cert chain.
You mentioned a root server cert that is generated by IAS. IAS can't
generate certs. Can you clarify this? Do you mean that you have a CA also
installed on the IAS server and it generated the cert? Or is the cert a
machine cert for the IAS server, but issued by a CA in your enterprise? If
I am reading between the lines correctly, I'd say that your client doesn't
trust the Verisign cert for some reason.
Cheers,
-- Mark Gamache Certified Security Solutions http://www.css-security.com "symbol123" <seranky@sj.symbol.com> wrote in message news:030401c508c1$f868df60$a401280a@phx.gbl... >I purchased a Verisign Class 3 WLAN server certificate > and installed it on the MS Win2k3 RADIUS server. I then > setup a Remote Access policy in IAS to do PEAP auth using > this certificate. > From my PPC device, I try to connect to the PEAP-enabled > WLAN. The requests are reaching the IAS server but the > authentication seems to be failing. Attached are messages > from the Windows Event Log. > Could not retrieve the Remote Access Server's certificate > due to the following error: The credentials supplied to > the package were not recognized > > Access request for user RDEAP\test was discarded. > Fully-Qualified-User-Name = <undetermined> > NAS-IP-Address = 10.11.3.10 > NAS-Identifier = Symbol Access Point > Called-Station-Identifier = 00a0f8b0aa65 > Calling-Station-Identifier = 00a0f8635eac > Client-Friendly-Name = Symbol AP > Client-IP-Address = 10.11.3.10 > NAS-Port-Type = Wireless - IEEE 802.11 > NAS-Port = 29 > Proxy-Policy-Name = <none> > Authentication-Provider = <undetermined> > Authentication-Server = <undetermined> > Reason-Code = 1 > Reason = An internal error occurred. Check the system > event log for additional information. > > The whole setup works if I use a server root certificate > generated by IAS and copy it onto the PPC device and > connect to the PEAP WLAN network. > > any thoughts on getting it work with a 3rd party CA cert ?
- Next message: hack123_at_hotmail.com: "Re: WINSK3 Active Directory, IAS, Dlink AP's, Best way and how to with win98"
- Previous message: Mark Gamache: "Re: WINSK3 Active Directory, IAS, Dlink AP's, Best way and how to with win98"
- In reply to: symbol123: "PEAP auth with Verisign"
- Next in thread: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
