Re: 802.1x



John wrote:
I am trying to enable 802.1x autentication for my network but when I try to connect to the network it says "Windows could not find a certificate to log you on". I have set up a CA and RADIUS server and they seem to be working fine. I have set a computer certificate to be deployed using auto-enrollment and I have verified that computers are receiving the computer certificate. I have set the 802.1x authentication options on the client computers to authenticate using computer information when available. When I request a user certificate and try to authenitcate it works fine, but when I delete the user cert and still have the computer cert, it fails. It seems like Windows is not even looking at the computer certificates when it decides what cert to send in for authentication. Any ideas? I have been pulling my hair out and I cant figure this one out. Any help would be greatly appreciated.

what are the radius policies? If you use EAP-TLS for authentication, a user certificate is mandatory. The computer certificate is used to log on to the domein when no user is logged on to the computer. This way, the computer can receive computer-based GPO's.
When a user logs on (after the computer has logged on) the 802.1x part drops the network link, and a new negotiantion process starts. This behaviour is easely viewed viewed with a continous ping to the target computer. After the user is authenticated the network connection is restored.


You could try to setup a policy with computerbased authentication with certificates and a different policy which allows username password (PEAP) authentication. I'm not sure if it will work though.

Willem
.



Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • RE: Double authentication (User & Machine) with VPN SSL
    ... If you've got Windows and IIS, ... server machine using the typical IPSec policy and normal IPSec certs. ... Double authentication with VPN SSL ... - our users will soon have a certificate in a USB token; ...
    (Security-Basics)
  • Re: WM6 + PEAP/MSCHAPv2
    ... is set to PEAP not Smart Car or Certificate ... Our wifi network here uses PEAP/ ... barcode scanners running stuff like the AEGIS wifi client. ... Extensible Authentication Protocol Type cannot be processed by ...
    (microsoft.public.pocketpc.wireless)
  • Re: PEAP user authentication failed - need help
    ... How to Setup Windows, Network, VPN & Remote Access on ... > my own enterprise root certificate, ... > authentication), it NEVER asks me to enter user credentials and there ... > if the certificate is shown in the field while i configured wireless ...
    (microsoft.public.windows.server.networking)
  • Re: Need help configuring Wireless Connection profile
    ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless ... Vaillancourt,4155,1,4154,Use Windows authentication for all ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)