Re: 802.1x

John wrote:
I am trying to enable 802.1x authentication for my network but when I try to connect to the network it says "Windows could not find a certificate to log you on". I have set up a CA and RADIUS server and they seem to be working fine. I have set a computer certificate to be deployed using auto-enrollment and I have verified that computers are receiving the computer certificate. I have set the 802.1x authentication options on the client computers to authenticate using computer information when available. When I request a user certificate and try to authenticate it works fine, but when I delete the user cert and still have the computer cert, it fails. It seems like Windows is not even looking at the computer certificates when it decides what cert to send in for authentication. Any ideas? I have been pulling my hair out and I can't figure this one out. Any help would be greatly appreciated.

What are the RADIUS policies? If you use EAP-TLS for authentication, a user certificate is mandatory. The computer certificate is used to log on to the domain when no user is logged on to the computer. This way, the computer can receive computer-based GPOs.
When a user logs on (after the computer has logged on), the 802.1x part drops the network link, and a new negotiation process starts. This behaviour is easily viewed with a continuous ping to the target computer. After the user is authenticated, the network connection is restored.

You could try to set up a policy with computer-based authentication with certificates and a different policy which allows username/password (PEAP) authentication. I'm not sure if it will work though.


