PEAP Machine Authentication
Good evening folks,
My organization is currently moving to OV Stellar for our WLAN, but I’m having some trouble getting PEAP to work as expected. I’m trying to set up machine authentication based on AD OUs, but whenever I connect, I’m instead asked for a username/password, which it always rejects.
I initially thought it was due to OV not being a trusted CA on my client devices (as the RADIUS logs returned “unknown CA” whenever I tried to connect), but I’ve uploaded a certificate signed by our organization, which we use successfully for other tasks, and I’m still failing. Different error this time, though: “eap_peap: TLS Alert read:fatal:access denied”.
I also looked in my client device’s event viewer and found:
“Reason: Explicit Eap failure received
EAP Reason: 0x80420406
EAP Root cause String: The authentication failed because the certificate on the server computer does not have a server name specified”
I’m not really sure where to go from here. I had someone recommend to me to simply turn off certificate checking on the client devices, but I’d really rather not do that. Any advice is greatly appreciated!
I would recommend opening a case with TAC/Support.
From the error "The authentication failed because the certificate on the server computer does not have a server name specified", the issue is that RADIUS server certificate validation is failing on the client. To isolate whether the issue is due to the RADIUS server certificate, please try disabling "validate server certificate" on a test client.
In Windows we have two stores: the Machine/Computer store and the User store.
Please make sure the RADIUS server certificate/CA certificate is uploaded to the Machine/Computer store in Windows, in the respective folders.
Ensure machine authentication is enabled on the 802.1X SSID, as attached.
Last but not least, machine authentication is only triggered when the computer is booting/powering up and before Windows login, or on log off from Windows (not shutdown).
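An added example, not part of the thread: a read-only PowerShell check of what the client error points to (whether the RADIUS server certificate carries a server name in its SAN or subject), plus the Server Authentication EKU, validity dates, and chain trust evaluated against the Machine store mentioned above. The function name, the file path in the comment, and the in-memory sample certificate (CN=radius.example.test) are constructed for illustration; the checks approximate, and are not, the Windows supplicant's own validation.

```powershell
# Added example (not from the thread): read-only checks on a RADIUS server certificate.
# Nothing here modifies the certificate or any certificate store.
function Test-PeapServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Server name: first DNS entry in the SAN, falling back to the subject CN.
    $dnsType    = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $serverName = $Certificate.GetNameInfo($dnsType, $false)

    # Collect EKU OIDs; Server Authentication is 1.3.6.1.5.5.7.3.1.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # Build the chain in machine context, since machine authentication runs
    # before any user logs on. Revocation is skipped so the check works offline.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)

    $now = Get-Date
    [pscustomobject]@{
        Subject              = $Certificate.Subject
        ServerName           = $serverName
        HasServerName        = -not [string]::IsNullOrWhiteSpace($serverName)
        HasSanExtension      = $null -ne $Certificate.Extensions['2.5.29.17']
        HasServerAuthEku     = $ekuOids -contains '1.3.6.1.5.5.7.3.1'
        InValidityPeriod     = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        TrustedInMachineCtx  = $trusted
        ChainStatus          = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: a throwaway self-signed certificate kept in memory only.
# For a real check, load the server certificate from its file instead, e.g.
#   [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\path\to\radius-server.cer')  # hypothetical path
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=radius.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))

Test-PeapServerCertificate -Certificate $sample | Format-List
```

Run it on a domain-joined test client so the chain is evaluated against the same Machine store the supplicant uses; the sample needs .NET Framework 4.7.2 or later for `CertificateRequest`.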