Re: WM5 PEAP with Certificates

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Mahmoud are you able to connect to the Cisco AP with a laptop? In my AP's I have booth "EAP Authentication" and "Accounting" setup. Under the SSID settings I have "Open Authentication with EAP" selected and also under the SSID settings I have "Enable Accounting" selected as well.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Mahmoud Amin" <mahmoud@xxxxxxxxxxxx> wrote in message news:OTSCgL8NHHA.2236@xxxxxxxxxxxxxxxxxxxxxxx
Hi Eric,

I have been trying to use peap with Cisco Ap's and wm5 but I am never
prompted for a user name and password. Today, I tries the same with a 3com
com and I was surprised that it works.

What could be wrongly configured on the Cisco AP....?

Regards,
MAhmoud Amin - MVP Infrastructure Arch.
"Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
news:86EF7A7F-6B41-42D4-87BB-B7ED8BD744E9@xxxxxxxxxxxxxxxx
Tweezer when you try to connect a WM5 device using EAP/TLS or PEAP what
happens or doesn't happen? With PEAP on my WM5 device connecting to Cisco
1231 AP's with IAS I am aksed for my username and password. With EAP/TLS
my
username is taken from the user cert but there's no password prompt
however
I do have to enter in the domain. From there I can connect and i'm only
presented with those login options the initial time the device is
introduced
to the systemm after the information is entered I don't see it again
unless
I'm using PEAP and change my password.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0125D583-C256-4C50-BAAA-A4AC7C976A02@xxxxxxxxxxxxxxxx
> I'd be happy to get EAP/TLS working even. Here's what I want. I want
> only
> devices that have a certificate that has been issued by me to be able > to
> access the wireless network. I can run either WM5 or CE on the > portable
> device (bar code scanner). I prefer that the certificate is the only
> authentication, but I'd be willing to settle for user/password in
addition
> to
> the cert. The important thing is that no access will be given without > a
> cert
> even if a correct user/password is known. I have Cisco WAPs and IAS
> running.
> I can make this work on XP without issue. If anyone has actually made
> this
> work, please help me out. I have a lab I can test with, but haven't
been
> able to make any combination work on the mobile device.
>
> "Eric Hicks [MVP]" wrote:
>
>> If you don't want to use usernames/password then that's not PEAP >> that's
>> EAP/TLS and you do need a user and root cert on the device. Some
devices
>> come with a cert utility (ipaq 5555's, ppc 6700's and a few others).
If
>> you
>> don't want to go that route you will need to export the full cert, >> root
>> and
>> all from your xp machine. Then you will need to use pfx import util
from
>> ( http://www.jacco2.dds.nl/networking/pfximprt.html ) to import those
>> certs
>> into your device.
>>
>> -- >> -- >> Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
>>
>> The MS-MVP Program - http://mvp.support. microsoft.com This posting is
>> provided "AS IS" with no warranties, and confers no rights...
>>
>> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:65AA8145-5796-4A2E-87A5-1EE3297D4AAF@xxxxxxxxxxxxxxxx
>> >I don't want to use username/password. I want to use Certs. I can >> >do
>> >this
>> > with XP easily. WM5 doesn't work though.
>> >
>> > "mlai" wrote:
>> >
>> >> I think PEAP works on encrypting the authentication channel between
>> >> the
>> >> mobile device and the server. The user logs on using his
credentials
>> >> (username/password) and no certificate is needed. So in essence,
the
>> >> cert
>> >> that you are importing to the device is only for encryption of
>> >> communication
>> >> between the device and the server (a root cert for the server cert)
>> >> and
>> >> not
>> >> a user cert........
>> >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:F1F515C8-1151-435F-9F5B-60F8CC137273@xxxxxxxxxxxxxxxx
>> >> >I downloaded a third party tool that allowed me to import pfx
files.
>> >> >I
>> >> >don't
>> >> > see how this could work without having the user cert if that's
what
>> >> > we
>> >> > plan
>> >> > to user for authentication. Please elaborate if possible.
>> >> >
>> >> > Thanks
>> >> >
>> >> > "Eric Hicks [MVP]" wrote:
>> >> >
>> >> >> Yes this is possible, for PEAP you only need the root >> >> >> certificate
>> >> >> installed
>> >> >> on your device. How are you installing the certificates to your
>> >> >> device?
>> >> >>
>> >> >> -- >> >> >> -- >> >> >> Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
>> >> >>
>> >> >> The MS-MVP Program - http://mvp.support. microsoft.com This
posting
>> >> >> is
>> >> >> provided "AS IS" with no warranties, and confers no rights...
>> >> >>
>> >> >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:CC65BA8A-F477-41E4-853B-497C05E65E1D@xxxxxxxxxxxxxxxx
>> >> >> > Is this possible to get working? I have a WM5 device that I
>> >> >> > managed
>> >> >> > to
>> >> >> > install a personal and root certificate on, but it won't
>> >> >> > authenticate
>> >> >> > to
>> >> >> > my
>> >> >> > WLAN. I'm using IAS server for the auth. I have used the >> >> >> > same
>> >> >> > cert
>> >> >> > combo
>> >> >> > on
>> >> >> > an XP laptop and everything works fine. ANy advice would be
>> >> >> > appreciated.
>> >> >>
>> >>
>>




.

Relevant Pages