Re: WM5 PEAP with Certificates



Ok I'll grab my config file and post it up here.

--
--
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)

The MS-MVP Program - http://mvp.support.microsoft.com This posting is
provided "AS IS" with no warranties, and confers no rights...

"Mahmoud Amin" <mahmoud@xxxxxxxxxxxx> wrote in message news:uRqXxekOHHA.2468@xxxxxxxxxxxxxxxxxxxxxxx
I tried a 3com AP and it works, which means it is a Cisco issue.
As Eric is working with Cisco, I believe it should be a config issue in our
case.

Waiting for Eric to clear it up.

Mahmoud Amin MVP-Infrastructure Architect

"Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:326B914F-45F9-437F-BD0E-44B08D157CBA@xxxxxxxxxxxxxxxx
I have exactly the same issue. My laptop works great, but WM5 fails. Maybe
the config would prove helpful.

"Mahmoud Amin" wrote:

> Hi,
>
> Yes I can connect to the AP using a laptop but could not ever connect with
> wm5 PPC.
> Can you send me the configuration of your access point using show config.
> This will be a great help.
>
> Regards,
> Mahmoud Amin
>
> "Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
> news:3E06F3A8-0216-4790-8636-E4B71116F857@xxxxxxxxxxxxxxxx
> > Mahmoud are you able to connect to the Cisco AP with a laptop? In my AP's I
> > have both "EAP Authentication" and "Accounting" setup. Under the SSID
> > settings I have "Open Authentication with EAP" selected and also under the
> > SSID settings I have "Enable Accounting" selected as well.
> >
> > --
> > --
> > Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
> >
> > The MS-MVP Program - http://mvp.support.microsoft.com This posting is
> > provided "AS IS" with no warranties, and confers no rights...
> >
> > "Mahmoud Amin" <mahmoud@xxxxxxxxxxxx> wrote in message
> > news:OTSCgL8NHHA.2236@xxxxxxxxxxxxxxxxxxxxxxx
> > > Hi Eric,
> > >
> > > I have been trying to use peap with Cisco Ap's and wm5 but I am never
> > > prompted for a user name and password. Today, I tried the same with a 3com
> > > com and I was surprised that it works.
> > >
> > > What could be wrongly configured on the Cisco AP....?
> > >
> > > Regards,
> > > Mahmoud Amin - MVP Infrastructure Arch.
> > > "Eric Hicks [MVP]" <i'm@xxxxxxxxxxx> wrote in message
> > > news:86EF7A7F-6B41-42D4-87BB-B7ED8BD744E9@xxxxxxxxxxxxxxxx
> > >> Tweezer when you try to connect a WM5 device using EAP/TLS or PEAP what
> > >> happens or doesn't happen? With PEAP on my WM5 device connecting to Cisco
> > >> 1231 AP's with IAS I am asked for my username and password. With EAP/TLS my
> > >> username is taken from the user cert but there's no password prompt however
> > >> I do have to enter in the domain. From there I can connect and I'm only
> > >> presented with those login options the initial time the device is introduced
> > >> to the system; after the information is entered I don't see it again unless
> > >> I'm using PEAP and change my password.
> > >>
> > >> --
> > >> --
> > >> Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
> > >>
> > >> The MS-MVP Program - http://mvp.support.microsoft.com This posting is
> > >> provided "AS IS" with no warranties, and confers no rights...
> > >>
> > >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> news:0125D583-C256-4C50-BAAA-A4AC7C976A02@xxxxxxxxxxxxxxxx
> > >> > I'd be happy to get EAP/TLS working even. Here's what I want. I want only
> > >> > devices that have a certificate that has been issued by me to be able to
> > >> > access the wireless network. I can run either WM5 or CE on the portable
> > >> > device (bar code scanner). I prefer that the certificate is the only
> > >> > authentication, but I'd be willing to settle for user/password in addition to
> > >> > the cert. The important thing is that no access will be given without a cert
> > >> > even if a correct user/password is known. I have Cisco WAPs and IAS running.
> > >> > I can make this work on XP without issue. If anyone has actually made this
> > >> > work, please help me out. I have a lab I can test with, but haven't been
> > >> > able to make any combination work on the mobile device.
> > >> >
> > >> > "Eric Hicks [MVP]" wrote:
> > >> >
> > >> >> If you don't want to use usernames/password then that's not PEAP that's
> > >> >> EAP/TLS and you do need a user and root cert on the device. Some devices
> > >> >> come with a cert utility (ipaq 5555's, ppc 6700's and a few others). If you
> > >> >> don't want to go that route you will need to export the full cert, root and
> > >> >> all from your xp machine. Then you will need to use pfx import util from
> > >> >> ( http://www.jacco2.dds.nl/networking/pfximprt.html ) to import those certs
> > >> >> into your device.
> > >> >>
> > >> >> --
> > >> >> --
> > >> >> Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
> > >> >>
> > >> >> The MS-MVP Program - http://mvp.support.microsoft.com This posting is
> > >> >> provided "AS IS" with no warranties, and confers no rights...
> > >> >>
> > >> >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> >> news:65AA8145-5796-4A2E-87A5-1EE3297D4AAF@xxxxxxxxxxxxxxxx
> > >> >> > I don't want to use username/password. I want to use Certs. I can do this
> > >> >> > with XP easily. WM5 doesn't work though.
> > >> >> >
> > >> >> > "mlai" wrote:
> > >> >> >
> > >> >> >> I think PEAP works on encrypting the authentication channel between the
> > >> >> >> mobile device and the server. The user logs on using his credentials
> > >> >> >> (username/password) and no certificate is needed. So in essence, the cert
> > >> >> >> that you are importing to the device is only for encryption of communication
> > >> >> >> between the device and the server (a root cert for the server cert) and not
> > >> >> >> a user cert........
> > >> >> >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> >> >> news:F1F515C8-1151-435F-9F5B-60F8CC137273@xxxxxxxxxxxxxxxx
> > >> >> >> > I downloaded a third party tool that allowed me to import pfx files. I don't
> > >> >> >> > see how this could work without having the user cert if that's what we plan
> > >> >> >> > to use for authentication. Please elaborate if possible.
> > >> >> >> >
> > >> >> >> > Thanks
> > >> >> >> >
> > >> >> >> > "Eric Hicks [MVP]" wrote:
> > >> >> >> >
> > >> >> >> >> Yes this is possible, for PEAP you only need the root certificate installed
> > >> >> >> >> on your device. How are you installing the certificates to your device?
> > >> >> >> >>
> > >> >> >> >> --
> > >> >> >> >> --
> > >> >> >> >> Eric Hicks [That_Kid] (MS-MVP Mobile Devices)
> > >> >> >> >>
> > >> >> >> >> The MS-MVP Program - http://mvp.support.microsoft.com This posting is
> > >> >> >> >> provided "AS IS" with no warranties, and confers no rights...
> > >> >> >> >>
> > >> >> >> >> "Tweezer" <Tweezer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> >> >> >> news:CC65BA8A-F477-41E4-853B-497C05E65E1D@xxxxxxxxxxxxxxxx
> > >> >> >> >> > Is this possible to get working? I have a WM5 device that I managed to
> > >> >> >> >> > install a personal and root certificate on, but it won't authenticate to my
> > >> >> >> >> > WLAN. I'm using IAS server for the auth. I have used the same cert combo on
> > >> >> >> >> > an XP laptop and everything works fine. Any advice would be appreciated.
> > >> >> >> >>
> > >> >> >>
> > >> >>
> > >>
> > >
> > >
> >
>
>
>


