Re: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems

2008-07-23 Thread Julian Y. Koh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 17:00 -0400 7/22/2008, John York wrote: I'm sure someone has gotten this to work before. Does authenticating to an ldap server mean we are forced to use EAP-TLS with client certs, install some client on the student machines, or is there another

RE: [WIRELESS-LAN] iPhone 2.0 news

2008-07-23 Thread Barber, Matt
Is anyone else still seeing erratic behavior with any iPhones/iPod Touches running 2.0? I have had some strange problems with mine and some others here. When trying to connect to my WPA2 PEAP-MSCHAPv2 network, for a while it wouldn't prompt me to accept our self-signed cert. After resetting the

RE: [WIRELESS-LAN] Idengines AutoConnect

2008-07-23 Thread Casey, J Bart
Branden, We are using Autoconnect here with LDAP/ACS 3.3. We are not using the Idengies Ignition Server. We didn't have to make any modifications. We were able to drop Autoconnect into our existing deployment without incident. Regards, J. Bart Casey Network Engineer Wofford College

RE: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems

2008-07-23 Thread Case, Brandon J
If you're using ACS with an external LDAP database then you're limited to EAP-FAST, PEAP-GTC, or EAP-TLS according to the ACS documentation. We did run into a similar problem but decided to access the user database via RADIUS instead (we have a proprietary, home-grown system which is accessible

RE: [WIRELESS-LAN] iPhone 2.0 news

2008-07-23 Thread Lee H Badman
We have seen a few things so far, I consider these circumstantial but very consistent: - some users want to simply point at the secure SSID without setting up the profile. In the iPhone, I see no prompting at all for any certs, etc., just spins it's obnoxious little wheel until it times

Re: [WIRELESS-LAN] iPhone 2.0 news

2008-07-23 Thread Reynolds, Walter
Wireless has been smooth for those using it with WPA2 enterprise. But it was installed with the iphone config tool. Added cert trust settings there. -Original Message- From: Barber, Matt [EMAIL PROTECTED] Subj: Re: [WIRELESS-LAN] iPhone 2.0 news Date: Wed Jul 23, 2008 7:17 am Size:

RE: [WIRELESS-LAN] iPhone 2.0 news

2008-07-23 Thread Barber, Matt
Thanks for the summary Lee. I am totally on-board with the ability to do WPA Enterprise at all being great. I just wanted to make sure I wasn't the only one seeing some strangeness. I was going to take a look at the config tool anyway, but I will give that a shot and then see what issues

Certificate validation...

2008-07-23 Thread Hector J Rios
We are a Cisco LWAPP shop and have a PEAP/WPA secure wireless network. For our certificates we have a PKI which is trusted through GTE Cyber Trust Global Root. When a first time user connects to the wireless they are prompted with a window that tells them that the certificate is not trusted. So

RE: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems

2008-07-23 Thread j.vaningenschenau
You could try a different Radius server... we use Radiator (http://www.open.com.au/radiator/) but eg FreeRADIUS (http://freeradius.org/) is also a good choice. Both support a wide variety of EAP methods, including PEAP and EAP-TTLS. Actually, we support both on our wireless network (but prefer

Re: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems

2008-07-23 Thread Mike King
I highly recommend Freeradius.org. But if Linux is not your thing, I think IDengines might be able to pull this off. On Wed, Jul 23, 2008 at 10:27 AM, Jeroen van Ingen [EMAIL PROTECTED] wrote: You could try a different Radius server... we use Radiator (http://www.open.com.au/radiator/) but

RE: Certificate validation...

2008-07-23 Thread Reynolds, Walter
I am not aware of a way to automatically set the trust settings within OS X 10.4 (Mac said this was a security feature so user had to validate the trust of EAP certificates). Leopard however has been changed so that is something that can somehow be set automatically. On the windows supplicant