Re: Computer cert/User cert 802.1x Authentication query / PKI



Try this:
http://technet2.microsoft.com/windowsserver/en/library/e5b6b735-1014-4ca4-a64a-ae97a3e782601033.mspx?mfr=true

Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley


"James Bullock" <jimmerb@xxxxxxxxxxxxxxxxxxx> wrote in message news:C307A78D-12A8-405B-A9BF-BED339E0160D@xxxxxxxxxxxxxxxx
Sorry, realised I'd not put the correct words in the header! Any assistance
much appreciated.

"James Bullock" wrote:

Hi there,

My question is this: we have our wireless setup pretty much identical to the
description in this white paper:
http://download.microsoft.com/download/f/d/d/fdd4d246-eabe-4a3e-a935-358532b5c168/StepSecureWirelessAcc.doc#_Toc100984847

We have a working, established PKI infrastructure and all Cisco 1100 APs
globally. We are using Microsoft IAS with both a user and computer RAP. Both
of these appear to work fine and the network is firmly in production.

It seems to work very well on the whole: machines are connected whilst users
aren't logged on so they receive GPO updates etc. When a user logs on they
authenticate fine, providing they have previously been on the computer whilst
it is connected to a wired network. If they haven't been on the machine via a
wired connection before their first logon on that machine then the machine
does not have a local copy of their certificate, neither can it auto-enrol
their certificate as it has no connectivity once they are logged on.
Consequently the wireless sticks on authenticating or "no certificate" in
these circumstances.

What I'd like is to somehow allow people to request/enrol a certificate when
logging onto the machine for the first time over wireless (rather than having
to first put them on the wired network). Is it possible to specify limited
access during logon so the user's account is able to connect to the PKI box
and enrol a new user certificate? Maybe with an additional remote access
policy?

We have absolutely no problems with the distribution of computer certificates.

I acknowledge that it's fully possible that my implementation is at fault
here, as I can't find any indication that the behaviour I'm experiencing has
been a problem for anyone else!


Any advice/pointers greatly appreciated.

Jim
