Solved

Certificate Question: 802.1x Authentication of iPad to Cisco Meraki WiFi

Posted on 2014-03-03
2
1,307 Views
Last Modified: 2014-03-03
I am using a Cisco Meraki MR34 and I have an SSID setup for 802.1x with RADIUS authentication.  When a Windows host on the domain attaches to that domain - badaboom the device is on the network.  Great.  Now if I want my iPad to attach to that network I get prompted for AD user ID and password.  MS NPS RADIUS accepts my password and a certificate comes to the iPad from the domain controller - here MITYDC1.
Works pretty well.  BUT I am trying to see if the DC is keeping track of this certificate that it has issued and I am not seeing it.  I am looking in Console Root/Certificates(Local Computer) and all the branches below Certificates(Local Computer) but not seeing it there.  Is this information stored elsewhere?  Or perhaps I am just missing it in my search?  My longer goal would be to be able to revoke this certificate on demand if I wanted in the future.  Any thoughts appreciated.

+ System

  - Provider

   [ Name]  Microsoft-Windows-Security-Auditing
   [ Guid]  {54849625-5478-4994-3e3b0328c30d}
 
   EventID 6278
 
   Version 0
 
   Level 0
 
   Task 12552
 
   Opcode 0
 
   Keywords 0x8020000000000000
 
  - TimeCreated

   [ SystemTime]  2014-03-03T19:54:26.270Z
 
   EventRecordID 462586891
 
   Correlation
 
  - Execution

   [ ProcessID]  616
   [ ThreadID]  4500
 
   Channel Security
 
   Computer MITYDC1.MCAT.LOCAL
 
   Security
 

- EventData

  SubjectUserSid S-1-5-21-2244651681-2909242435-3723-4534
  SubjectUserName sclemmens
  SubjectDomainName MCAT
  FullyQualifiedSubjectUserName MCAT.LOCAL/IT Test/Samuel Clemmens
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -
  CalledStationID 02-18-4A-A3-5F-E0:mcatwifi
  CallingStationID 38-48-4C-E3-3C-6F
  NASIPv4Address 10.10.32.14
  NASIPv6Address -
  NASIdentifier -
  NASPortType Wireless - IEEE 802.11  
  NASPort 0
  ClientName sfo-cmr34-02
  ClientIPAddress 10.10.32.14
  ProxyPolicyName Use Windows authentication for all users
  NetworkPolicyName Wireless PEAP
  AuthenticationProvider Windows  
  AuthenticationServer MITYDC1.MCAT.LOCAL
  AuthenticationType PEAP
  EAPType Microsoft: Secured password (EAP-MSCHAP v2)
  AccountSessionIdentifier -
  QuarantineState Full Access  
  ExtendedQuarantineState -
  QuarantineSessionID -
  QuarantineHelpURL -
  QuarantineSystemHealthResult -
0
Comment
Question by:amigan_99
2 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39901687
It is not issuing any certificate. It is only sending its own certificate for identification purposes.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39901704
That helps a lot - thank you.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question