Re: WM5 PEAP with Certificates

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Eric,

I have been trying to use peap with Cisco Ap's and wm5 but I am never
prompted for a user name and password. Today, I tries the same with a 3com
com and I was surprised that it works.

What could be wrongly configured on the Cisco AP....?

Regards,
MAhmoud Amin - MVP Infrastructure Arch.
"Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
news:86EF7A7F-6B41-42D4-87BB-B7ED8BD744E9@xxxxxxxxxxxxxxxx
Tweezer when you try to connect a WM5 device using EAP/TLS or PEAP what
happens or doesn't happen? With PEAP on my WM5 device connecting to Cisco
1231 AP's with IAS I am aksed for my username and password. With EAP/TLS
my
username is taken from the user cert but there's no password prompt
however
I do have to enter in the domain. From there I can connect and i'm only
presented with those login options the initial time the device is
introduced
to the systemm after the information is entered I don't see it again
unless
I'm using PEAP and change my password.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0125D583-C256-4C50-BAAA-A4AC7C976A02@xxxxxxxxxxxxxxxx
I'd be happy to get EAP/TLS working even. Here's what I want. I want
only
devices that have a certificate that has been issued by me to be able to
access the wireless network. I can run either WM5 or CE on the portable
device (bar code scanner). I prefer that the certificate is the only
authentication, but I'd be willing to settle for user/password in
addition
to
the cert. The important thing is that no access will be given without a
cert
even if a correct user/password is known. I have Cisco WAPs and IAS
running.
I can make this work on XP without issue. If anyone has actually made
this
work, please help me out. I have a lab I can test with, but haven't
been
able to make any combination work on the mobile device.

"Eric Hicks [MVP]" wrote:

If you don't want to use usernames/password then that's not PEAP that's
EAP/TLS and you do need a user and root cert on the device. Some
devices
come with a cert utility (ipaq 5555's, ppc 6700's and a few others).
If
you
don't want to go that route you will need to export the full cert, root
and
all from your xp machine. Then you will need to use pfx import util
from
( http://www.jacco2.dds.nl/networking/pfximprt.html ) to import those
certs
into your device.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:65AA8145-5796-4A2E-87A5-1EE3297D4AAF@xxxxxxxxxxxxxxxx
I don't want to use username/password. I want to use Certs. I can do
this
with XP easily. WM5 doesn't work though.

"mlai" wrote:

I think PEAP works on encrypting the authentication channel between
the
mobile device and the server. The user logs on using his
credentials
(username/password) and no certificate is needed. So in essence,
the
cert
that you are importing to the device is only for encryption of
communication
between the device and the server (a root cert for the server cert)
and
not
a user cert........
"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F1F515C8-1151-435F-9F5B-60F8CC137273@xxxxxxxxxxxxxxxx
I downloaded a third party tool that allowed me to import pfx
files.
I
don't
see how this could work without having the user cert if that's
what
we
plan
to user for authentication. Please elaborate if possible.

Thanks

"Eric Hicks [MVP]" wrote:

Yes this is possible, for PEAP you only need the root certificate
installed
on your device. How are you installing the certificates to your
device?

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This
posting
is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CC65BA8A-F477-41E4-853B-497C05E65E1D@xxxxxxxxxxxxxxxx
Is this possible to get working? I have a WM5 device that I
managed
to
install a personal and root certificate on, but it won't
authenticate
to
my
WLAN. I'm using IAS server for the auth. I have used the same
cert
combo
on
an XP laptop and everything works fine. ANy advice would be
appreciated.






.

Relevant Pages

  • Re: WM5 PEAP with Certificates
    ... I tried a 3com AP and it works, which mean it is an Cisco issue. ... I prefer that the certificate is the ... the cert. ... mobile device and the server. ...
    (microsoft.public.pocketpc.wireless)
  • Re: WM5 PEAP with Certificates
    ... Can you send me the configuration of your access point using show config. ... I have been trying to use peap with Cisco Ap's and wm5 but I am never ... I prefer that the certificate is the only ... the cert. ...
    (microsoft.public.pocketpc.wireless)
  • Re: WM5 PEAP with Certificates
    ... My laptop works great, but WM5 fails. ... Can you send me the configuration of your access point using show config. ... I prefer that the certificate is the only ... the cert. ...
    (microsoft.public.pocketpc.wireless)
  • Re: WM5 PEAP with Certificates
    ... Mahmoud are you able to connect to the Cisco AP with a laptop? ... Under the SSID settings I have "Open Authentication with EAP" selected and also under the SSID settings I have "Enable Accounting" selected as well. ... > the cert. ...
    (microsoft.public.pocketpc.wireless)
  • Re: Cert will not install on i-730 running WM5 (SBS 2003 server)
    ... I have a Samsung i-730 which is running WM5. ... I am running SBS 2003 ... Standard and created a valid root cert and copied it to my i-730. ... Surely there has to be a fix to get my SBS cert trusted by WM5? ...
    (microsoft.public.windows.server.sbs)