RADIUS IAS CRL CHECK
- From: powersnakop@xxxxxxxxx
- Date: Wed, 27 Aug 2008 07:07:38 -0700 (PDT)
We revoked a computer certification, and published a new crl with this
cert. in the revocation list.
However, when the workstation is turned on, it can establish a
connection to the network.
It seems that the IAS ignores the CRL (or doesn't check CRL at all).
We know that the IAS will ignore new CRL until, that old one has
expired, so we waited until the old CRL expired, and then ran the
check.
Moreover, we added to registery the dword "IgnoreNoRevocationCheck"
and set its value to 0. It still doesn't help.
If we put the workstation's certification in the 'Untrusted
certificates' in the DC, we do get an error of "The certificate is
revoked", yet it was only a test and definitly not a solution.
My question is, how we should tell the IAS to check the new CRL, and
verify the workstations' certificates?
We have the IAS installed on two Domain controllers.
.
- Prev by Date: Re: 802.1X Setup using Server 03 and Aironet 1200 Series WAP help
- Next by Date: 802.1X configuration for IAS and Cisco WLC 4402
- Previous by thread: 802.1x MD5-Challege authenticated failure
- Next by thread: 802.1X configuration for IAS and Cisco WLC 4402
- Index(es):
Relevant Pages
|
Loading
