Re: WM5 PEAP with Certificates

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I tried a 3com AP and it works, which mean it is an Cisco issue.
As Eric is working with Cisco, I believe it should be a config issue in our
case.

Waiting for Eric to clear it up.

Mahmoud Amin MVP-Infrastructure Architect
"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:326B914F-45F9-437F-BD0E-44B08D157CBA@xxxxxxxxxxxxxxxx
I have exactly the same issue. My laptop works great, but WM5 fails.
Maybe
the config would prove helpful.

"Mahmoud Amin" wrote:

Hi,

Yes I can connect to the AP using a laptop but could not ever connect
with
wm5 PPC.
Can you send me the configuration of your access point using show
config.
This will be a great help.

Regards,
Mahmoud Amin

"Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
news:3E06F3A8-0216-4790-8636-E4B71116F857@xxxxxxxxxxxxxxxx
Mahmoud are you able to connect to the Cisco AP with a laptop? In my
AP's
I
have booth "EAP Authentication" and "Accounting" setup. Under the
SSID
settings I have "Open Authentication with EAP" selected and also under
the
SSID settings I have "Enable Accounting" selected as well.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Mahmoud Amin" <mahmoud@xxxxxxxxxxxx> wrote in message
news:OTSCgL8NHHA.2236@xxxxxxxxxxxxxxxxxxxxxxx
Hi Eric,

I have been trying to use peap with Cisco Ap's and wm5 but I am
never
prompted for a user name and password. Today, I tries the same with
a
3com
com and I was surprised that it works.

What could be wrongly configured on the Cisco AP....?

Regards,
MAhmoud Amin - MVP Infrastructure Arch.
"Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
news:86EF7A7F-6B41-42D4-87BB-B7ED8BD744E9@xxxxxxxxxxxxxxxx
Tweezer when you try to connect a WM5 device using EAP/TLS or PEAP
what
happens or doesn't happen? With PEAP on my WM5 device connecting
to
Cisco
1231 AP's with IAS I am aksed for my username and password. With
EAP/TLS
my
username is taken from the user cert but there's no password prompt
however
I do have to enter in the domain. From there I can connect and i'm
only
presented with those login options the initial time the device is
introduced
to the systemm after the information is entered I don't see it
again
unless
I'm using PEAP and change my password.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This posting
is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0125D583-C256-4C50-BAAA-A4AC7C976A02@xxxxxxxxxxxxxxxx
I'd be happy to get EAP/TLS working even. Here's what I want. I
want
only
devices that have a certificate that has been issued by me to be
able
to
access the wireless network. I can run either WM5 or CE on the
portable
device (bar code scanner). I prefer that the certificate is the
only
authentication, but I'd be willing to settle for user/password in
addition
to
the cert. The important thing is that no access will be given
without
a
cert
even if a correct user/password is known. I have Cisco WAPs and
IAS
running.
I can make this work on XP without issue. If anyone has actually
made
this
work, please help me out. I have a lab I can test with, but
haven't
been
able to make any combination work on the mobile device.

"Eric Hicks [MVP]" wrote:

If you don't want to use usernames/password then that's not PEAP
that's
EAP/TLS and you do need a user and root cert on the device.
Some
devices
come with a cert utility (ipaq 5555's, ppc 6700's and a few
others).
If
you
don't want to go that route you will need to export the full
cert,
root
and
all from your xp machine. Then you will need to use pfx import
util
from
( http://www.jacco2.dds.nl/networking/pfximprt.html ) to import
those
certs
into your device.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com This
posting
is
provided "AS IS" with no warranties, and confers no rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:65AA8145-5796-4A2E-87A5-1EE3297D4AAF@xxxxxxxxxxxxxxxx
I don't want to use username/password. I want to use Certs. I
can
do
this
with XP easily. WM5 doesn't work though.

"mlai" wrote:

I think PEAP works on encrypting the authentication channel
between
the
mobile device and the server. The user logs on using his
credentials
(username/password) and no certificate is needed. So in
essence,
the
cert
that you are importing to the device is only for encryption
of
communication
between the device and the server (a root cert for the server
cert)
and
not
a user cert........
"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:F1F515C8-1151-435F-9F5B-60F8CC137273@xxxxxxxxxxxxxxxx
I downloaded a third party tool that allowed me to import
pfx
files.
I
don't
see how this could work without having the user cert if
that's
what
we
plan
to user for authentication. Please elaborate if possible.

Thanks

"Eric Hicks [MVP]" wrote:

Yes this is possible, for PEAP you only need the root
certificate
installed
on your device. How are you installing the certificates
to
your
device?

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support. microsoft.com
This
posting
is
provided "AS IS" with no warranties, and confers no
rights...

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:CC65BA8A-F477-41E4-853B-497C05E65E1D@xxxxxxxxxxxxxxxx
Is this possible to get working? I have a WM5 device
that I
managed
to
install a personal and root certificate on, but it won't
authenticate
to
my
WLAN. I'm using IAS server for the auth. I have used
the
same
cert
combo
on
an XP laptop and everything works fine. ANy advice
would be
appreciated.












.

Relevant Pages

  • Re: Web Certificate for IIS Server on SBS Domain
    ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
    (microsoft.public.windows.server.sbs)
  • Re: Activesync between Windows Mobile 5 and SBS2003 gives error
    ... If you don't find a cert here that matches the URL for OWA, you need to re-run the CEICW wizard on the SBS box and re-create the self signed cert. ... I exported the certificate straight from the server. ... Treo 700wx running Windows Mobile 5. ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • Re: SBS 2003 Premium and Cert Services
    ... that philosphy got blown out of the equation when SBS included Exchange OWA ... "Small Business Server" which is MS claim as to why the risk of exposing the ... the Certificate Server on another server, ... >> Cert, or you could edit the properties of your Certification Authority to ...
    (microsoft.public.windows.server.sbs)
  • Re: Web Certificate for IIS Server on SBS Domain
    ... and installed the free 30-day certificate on my site. ... instructions to install Certificate Services. ... If I can find a way to issue my own cert without risking my SBS setup, ... > Server instead of the defaults from Server 2003, and when things blow up, ...
    (microsoft.public.windows.server.sbs)