01-27-2015 02:17 PM
Solved! Go to Solution.
01-27-2015 02:19 PM
Are you doing username/password authentication (PEAP)? Are you using the internal or an external RADIUS server?
01-27-2015 02:28 PM
I have yet to play with the certificates on this system so the default appears to be PEAP The default certificate by GeoTrust is the certificate I see.
We configured this to talk to an external RADIUS.
In Maintenance -> Certificates it says:
Certificates affect which authentication protocols are used:
- No cert: LEAP
- Server cert: PEAP + TTLS
- Server and CA certs: TLS
If I'm understanding what I've read so far 'No cert: LEAP' would leave the traffic between clients and WAPs unencrypted. We'd prefer this be encrypted.
01-27-2015 02:31 PM
OK. Can you explain what you are seeing on the devices? Most of the time, the message that is displayed is not an error and is just a normal part of the EAP-PEAP-MSCHAPv2 exchange.
It is asking the user if they trust the server to process their credentials This always has to be done the first time a user connects to a network using a tunneled encryption protocol with server-side certificates.
The only way to get around this is to pre-configure client devices, push down a profile via group policy or profile manager or use something like QuickConnect to configure devices.
01-27-2015 02:40 PM
I've attached a screenshot my Windows laptop sees. My Android phones receives no error/message but an iPhone here does. My laptop has connected before and sees this everytime.
If this is normal and can be configured to avoid this is there a post or documentation on this process?
01-27-2015 02:44 PM
This is normal. Users click accept or connect depending on the platform.
The only way to get around this is to push down configuration policies through Group Policy or Profile manager, or use QuickConnect for your users.
Take a look here: