I do this. In the certificate the common name is Auth.central.edu. Then I have auth2 and auth3 listed as additional names on the certificate. I have the certificate installed on both servers and auth points to both servers. With server 2008R2 I also disable strict name checking.
Thank you,

Lee Weers
Central College IT Services
Assistant Director for Network Services
641-628-7675
Vcard https://www.mcpvirtualbusinesscard.com/VBCServer/LeeWeers/interactivecard
Vprofile https://www.mcpvirtualbusinesscard.com/VBCServer/LeeWeers/profile

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Osborne, Bruce W
Sent: Tuesday, September 20, 2011 6:20 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Issue with Microsoft NPS certs and ipads/iphones

Dennis,

How does that work? The two servers have different hostnames & DNS entries, I assume.

I do not think it would work in our NPS environment anyway. Our NPS servers are also Read-Only Domain Controllers (each in their own site). This removes the RADIUS server load from our production Domain Controllers.

Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011

-----Original Message-----
From: Dennis Xu [mailto:[email protected]]
Sent: Monday, September 19, 2011 3:04 PM
Subject: Re: Issue with Microsoft NPS certs and ipads/iphones

We use the same certificate on two ACS servers for PEAP authentication to avoid the certificate warning when a user connects to the 2nd ACS server. We haven't seen any issues with that.

---
Dennis Xu
Network Analyst, Computing and Communication Services
University of Guelph
5198244120 x 56217

----- Original Message -----
From: "Bob Richman" <[email protected]>
To: [email protected]
Sent: Monday, September 19, 2011 1:11:02 PM
Subject: [WIRELESS-LAN] Issue with Microsoft NPS certs and ipads/iphones

We have a new issue that popped up when we upgraded our RADIUS backend for our dot1x/PEAP from 2 Microsoft Windows 2003 IAS servers with Equifax certs to 3 Microsoft Windows 2008 NPS servers with GeoTrust certs.

What we have is issues with iPads/iPhones that seem to only sometimes remember the cert they most recently accepted. So for example, an iPad connecting to the wireless using NPS server 1 will prompt the user to accept and they get on. Subsequent attempts to an AP that uses that same server will work fine. But an attempt to another set of APs using server 2 will cause the user to have to accept the cert corresponding to the new server.

We do use the Cloudpath installers, but they seem to be of no help here.

So, we did change 2 things at once, new certs and going from IAS to NPS.

Anyone having any issues like this?

Thanks,
Bob Richman
University of Notre Dame.

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
