Chapter 13 User Databases
Windows User Database
User Guide for Cisco Secure ACS for Windows Server
d. On the Protected EAP Properties dialog box, you can enforce that
Cisco Secure ACS has a valid server certificate by selecting the Validate
server certificate check box. If you do select this check box, you must
also select the applicable Trusted Root Certification Authorities.
e. Also open the PEAP properties dialog box and, from the Select
Authentication Method list, select Secured password (EAP-MSCHAP
5. To enable EAP-TLS machine authentication, configure the Authentication
tab. In Windows XP, the Authentication tab is available from the properties of
the wireless network. In Windows 2000, it is available from the properties of
the wireless network connection.
a. Select the Enable network access control using IEEE 802.1X check
b. Select the Authenticate as computer when computer information is
available check box.
c. From the EAP type list, select Smart Card or other Certificate.
d. On the Smart Card or other Certificate Properties dialog box, select the
Use a certificate on this computer option.
e. Also on the Smart Card or other Certificate Properties dialog box, you
can enforce that Cisco Secure ACS has a valid server certificate by
selecting the Validate server certificate check box. If you do select this
check box, you must also select the applicable Trusted Root Certification
If you have a Microsoft certification authority server configured on the domain
controller, you can configure a policy in Active Directory to produce a client
certificate automatically when a computer is added to the domain. For more
information, see Microsoft Knowledge Base Article 313407, HOW TO: Create
Automatic Certificate Requests with Group Policy in Windows.
Enabling Machine Authentication
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support machine authentication.