Solved

Certificate Question: 802.1x Authentication of iPad to Cisco Meraki WiFi

Posted on 2014-03-03
2
1,321 Views
Last Modified: 2014-03-03
I am using a Cisco Meraki MR34 and I have an SSID setup for 802.1x with RADIUS authentication.  When a Windows host on the domain attaches to that domain - badaboom the device is on the network.  Great.  Now if I want my iPad to attach to that network I get prompted for AD user ID and password.  MS NPS RADIUS accepts my password and a certificate comes to the iPad from the domain controller - here MITYDC1.
Works pretty well.  BUT I am trying to see if the DC is keeping track of this certificate that it has issued and I am not seeing it.  I am looking in Console Root/Certificates(Local Computer) and all the branches below Certificates(Local Computer) but not seeing it there.  Is this information stored elsewhere?  Or perhaps I am just missing it in my search?  My longer goal would be to be able to revoke this certificate on demand if I wanted in the future.  Any thoughts appreciated.

+ System

  - Provider

   [ Name]  Microsoft-Windows-Security-Auditing
   [ Guid]  {54849625-5478-4994-3e3b0328c30d}
 
   EventID 6278
 
   Version 0
 
   Level 0
 
   Task 12552
 
   Opcode 0
 
   Keywords 0x8020000000000000
 
  - TimeCreated

   [ SystemTime]  2014-03-03T19:54:26.270Z
 
   EventRecordID 462586891
 
   Correlation
 
  - Execution

   [ ProcessID]  616
   [ ThreadID]  4500
 
   Channel Security
 
   Computer MITYDC1.MCAT.LOCAL
 
   Security
 

- EventData

  SubjectUserSid S-1-5-21-2244651681-2909242435-3723-4534
  SubjectUserName sclemmens
  SubjectDomainName MCAT
  FullyQualifiedSubjectUserName MCAT.LOCAL/IT Test/Samuel Clemmens
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -
  CalledStationID 02-18-4A-A3-5F-E0:mcatwifi
  CallingStationID 38-48-4C-E3-3C-6F
  NASIPv4Address 10.10.32.14
  NASIPv6Address -
  NASIdentifier -
  NASPortType Wireless - IEEE 802.11  
  NASPort 0
  ClientName sfo-cmr34-02
  ClientIPAddress 10.10.32.14
  ProxyPolicyName Use Windows authentication for all users
  NetworkPolicyName Wireless PEAP
  AuthenticationProvider Windows  
  AuthenticationServer MITYDC1.MCAT.LOCAL
  AuthenticationType PEAP
  EAPType Microsoft: Secured password (EAP-MSCHAP v2)
  AccountSessionIdentifier -
  QuarantineState Full Access  
  ExtendedQuarantineState -
  QuarantineSessionID -
  QuarantineHelpURL -
  QuarantineSystemHealthResult -
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39901687
It is not issuing any certificate. It is only sending its own certificate for identification purposes.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39901704
That helps a lot - thank you.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question