Re: 802.1x with machine authentication and XP SP3 from Lora Ganeva on 2009-10-02 (Ccielab archives 10/2009)

From: Lora Ganeva <L.Ganeva_at_mobiltel.bg>
Date: Fri, 2 Oct 2009 18:56:01 +0300

Hi,

actually our domain is 2008 and we don't need the schema extension:(

Thanks for help anyway

On 02.10.2009, at 18:24, "Ryan West" <rwest_at_zyedge.com> wrote:

> Lora,
>
> It's nice to use ACS when it really makes a difference. Since AD
> already has to be extended (assumption of a 2003 domain) to support
> the added supplicant information, it seems easiest to just use IAS
> at that point. This will give you one neck to wring.
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
>
> Inside this document, there is a link to enable wireless LAN PEAP
> auth, but there are two schema extensions in there as well. One for
> wired and another for wireless. Applying the extension should allow
> you to configure the proper GPO settings that both IAS/ACS would be
> expecting. I found a walk through a while back that shows wired
> PEAP auth with dynamic VLAN assignments for use with IAS. If you
> want I can forward this along to you as well.
>
> Good luck,
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> Of Lora Ganeva
> Sent: Friday, October 02, 2009 9:05 AM
> To: ccielab_at_groupstudy.com
> Subject: 802.1x with machine authentication and XP SP3
>
> Hello experts,
>
> I am running a small project with Windows XP SP3 native supplicants
> using
> machine authentication towards cisco 3560 switches and the newest
> Cisco ACS
> 5.0. Machine authentication is done via PEAP/MSCHAPv2 towards
> Microsoft AD.
> I am having a lot of troubles, mainly because my poor knowledge of
> Microsoft
> technologies. Here is one of them - the most most common reasons for
> computers to fail authentication towards AD:
>
> Invalid EAP payload type
>
> cisco has reported this to happen when there is a problem with the
> supplicant.
> Unfortunately, my supplicants are having such problems from time to
> time
> only.
>
> In addition, i have updated the PCs, applied one hotfix for fixing
> up failed
> authentication after reboot and made all the recommended settings
> through
> Group Policy. The issue appears in the middle of the day, not after
> reboot or
> any other specific activity.
>
> Any help will be appreciated,
>
> Regards,
> Lora
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Oct 02 2009 - 18:56:01 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART