Enabling Machine Authentication - Cisco 3.3 User Manual

Windows User Database

Enabling Machine Authentication

User Guide for Cisco Secure ACS for Windows Server
13-22
On the Protected EAP Properties dialog box, you can enforce that
d.
Cisco Secure ACS has a valid server certificate by selecting the Validate
server certificate check box. If you do select this check box, you must
also select the applicable Trusted Root Certification Authorities.
Also open the PEAP properties dialog box, from the Select
e.
Authentication Method list, select Secured password (EAP-MSCHAP
v2).
To enable EAP-TLS machine authentication, configure the Authentication
5.
tab. In Windows XP, the Authentication tab is available from the properties of
the wireless network. In Windows 2000, it is available from the properties of
the wireless network connection.
Select the Enable network access control using IEEE 802.1X check
a.
box.
Select the Authenticate as computer when computer information is
b.
available check box.
From the EAP type list, select Smart Card or other Certificate.
c.
On the Smart Card or other Certificate Properties dialog box, select the
d.
Use a certificate on this computer option.
Also on the Smart Card or other Certificate Properties dialog box, you
e.
can enforce that Cisco Secure ACS has a valid server certificate by
selecting the Validate server certificate check box. If you do select this
check box, you must also select the applicable Trusted Root Certification
Authorities.
If you have a Microsoft certification authority server configured on the domain
controller, you can configure a policy in Active Directory to produce a client
certificate automatically when a computer is added to the domain. For more
information, see Microsoft Knowledge Base Article 313407, HOW TO: Create
Automatic Certificate Requests with Group Policy in
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support machine authentication.
Chapter 13 User Databases
Windows.
78-16592-01