@alow wrote:
Hi,
Probably a stupid question (hopefully not) but I'll ask anyhow.
Usually we use PEAP with MSCHAPv2 as the inner method and it is easy to set up on AOS and CPPM, but we have a customer that wants to use EAP-TLS as the inner method.
As a test we have set up the service on CPPM as normal but set the inner method to EAP-TLS and installed a user's cert from the AD's CA server (Win 2008 Enterprise edition), but authentication fails with a user not found in the access tracker.
The question I have is: does the CPPM need to have anything other than its own cert issued by the AD's CA and obviously the CA's root certificate?
The wireless client's supplicant (Intel's PROSet in this instance) is set up to use a user cert (TLS) instead of MSCHAP.
regards
Andy
Ultimately, you will need to find the proper RADIUS server/supplicant combination that will support whatever you want to do. This might not be a combination supported by your RADIUS server and supplicant: http://wiki.freeradius.org/protocol/EAP-PEAP#PEAP-EAP-TLS
Lastly, if this is an enterprise deployment, I would not use the Intel PROSet supplicant, because managing your endpoints would require yet another level of software that needs to be changed/configured on the client. Use the Microsoft Native Supplicant and manage with group policy, if possible.