
Wireless, RADIUS, Certificates, mass confusion

Eric-arup asked
Last Modified: 2013-12-09
Hello

First let me admit, I am not very good with certs.

I am trying to get wireless networks to authenticate by Active Directory via an external RADIUS (Cisco ACS v5.1).  The entire process works with the exception of the “Validate Certificate” setting in the wireless client.  My logical topology is attached.


Basically I have Win 7 and Win XP clients that connect to a lightweight access point that is managed by a Cisco 4402 Wireless Controller (WLC).  The wireless controller has an SSID “XYZ” that is configured to [WPA + WPA2(AES)][Auth(802.1X)].  And this in turn talks to a Cisco ACS v5.1 (latest ver), and that talks LDAP to Active Directory, matching the dial-in attribute and membership in a specific security group.

If I uncheck “Validate Certificate” everything works great, so that tells me the logical process is good.

So, the certs: there is a Verisign cert on the Cisco ACS that is in charge of the EAP.  I took that cert, exported its private keys, and put them in the “Default Domain” GPO under machine account > windows settings > security settings > public key policies > trusted root certification authorities.  And I think this is where my confusion is: as I understand it, that should be the cert the clients import as part of their GPO, but it simply doesn’t work.

I’m confused as to which support to call first; I’m a bit lost.  Any help is greatly appreciated.

-e

wireless-ltopo.jpg
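
One way to see which root this machine's Windows certificate stores chain the RADIUS server's EAP certificate to, and whether that root is in the machine's Trusted Root store, as an added example that is not part of the original post. The file path is hypothetical, and the script assumes the server certificate was exported without its private key (.cer).

```powershell
# Assumption: public-only export of the RADIUS/EAP server certificate
# (hypothetical path; pass your own with -ServerCertPath).
param([string]$ServerCertPath = 'C:\Temp\acs-eap.cer')

$x509 = 'System.Security.Cryptography.X509Certificates'
$serverCert = New-Object "$x509.X509Certificate2" $ServerCertPath

# Build the chain from this machine's certificate stores.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check, skip CRL/OCSP
$built = $chain.Build($serverCert)

# Walk the chain from the server (leaf) certificate up to the root.
for ($i = 0; $i -lt $chain.ChainElements.Count; $i++) {
    $c  = $chain.ChainElements[$i].Certificate
    $bc = $c.Extensions | Where-Object { $_.GetType().Name -eq 'X509BasicConstraintsExtension' }
    [pscustomobject]@{
        Depth      = $i
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        SelfSigned = ($c.Subject -eq $c.Issuer)
        Thumbprint = $c.Thumbprint
    }
}

# The last element is the certificate the chain terminates in.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inRootStore = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
"Chain built cleanly:           $built"
"Chain ends at:                 $($top.Subject)"
"Present in LocalMachine\Root:  $inRootStore"

# Any reason the chain did not validate (untrusted root, partial chain, expiry...).
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

# Store hygiene: Trusted Root entries that are not self-signed, or that carry
# a private key on this machine.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.HasPrivateKey -or $_.Subject -ne $_.Issuer } |
    Select-Object Subject, Issuer, HasPrivateKey, Thumbprint
```

Run it on a client that has received the GPO; the per-certificate rows show which entry is the server certificate and which is the issuing root.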