Re: Setting up AD (W2K3) for SmartCard Authentication

From: Don Jones <DonJones@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 2 Apr 2008 05:53:01 -0700

Thanks for the response. I have read the articles, have a question.

We have smartcards issued by a third party ca, and have the root-ca's
certificate listed in the places mentioned in the articles. Our
DomainController Certificate is not from the Same CA that issued the
SmartCards Certificates. The Certificate is from our Enterprise CA. We are
currently using the DomainController template, which doesn't list SmartCard
Logon as a property.

Does the DomainController's certificate contain the SmartCard Logon
property? If so, How can I add the SmartCard Logon property to the
DomainController Template or do I need to upgrade to Enterprise Edition?

Don Jones

"Dobromir Todorov" wrote:

Try this if you are looking at a third party (non-Microsoft) CA, or
Microsoft Standalone CA.

http://support.microsoft.com/kb/281245

If you are looking at your own, Microsoft Enterprise CAs, you'd suggest that
you go for a longer read here:
http://technet2.microsoft.com/windowsserver/en/library/40c46d0e-f4a1-4b27-8b45-f09b448130ae1033.mspx?mfr=true

--
---
HTH,
Dobromir

Visit http://www.iamechanics.com

"Don Jones" <DonJones@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:014B2D7A-CDBC-46ED-95B8-E9D22952AEBB@xxxxxxxxxxxxxxxx

Can someone direct me to some articles that explain how to configure AD
for
Smart Card Authentication? If read various articles and they were not
clear
as to what is required and how to implement smartcard authentication.

If this isn't the correct group, please let me know what the correct group
would be.

Thanks.

Don Jones

Follow-Ups:
- Re: Setting up AD (W2K3) for SmartCard Authentication
  - From: Brian Komar \(MVP\)

Prev by Date: Windows Server 2008 CA
Next by Date: Group Policy Management Console, GPMC for Vista with SP1
Previous by thread: Windows Server 2008 CA
Next by thread: Re: Setting up AD (W2K3) for SmartCard Authentication
Index(es):
- Date
- Thread

Relevant Pages

RE: Relative Security Provided by Cached Domain Credentials?
... So when a user logs on the w2k terminal using a smartcard + pin no (rather ... If it does then EFS ... profile currently logged on for the private certificate. ...
(Focus-Microsoft)
Re: Setting up AD (W2K3) for SmartCard Authentication
... The domain controller certificate will work for smart card authentication. ... currently using the DomainController template, ... Does the DomainController's certificate contain the SmartCard Logon ... > Can someone direct me to some articles that explain how to configure AD ...
(microsoft.public.security)
Re: SmartCards
... Smartcards can contain many authentication id's. ... client certificates can be stored on the smartcard. ... The user must provide the PKI ... certificate. ...
(Security-Basics)
Re: Setting up AD (W2K3) for SmartCard Authentication
... The SmartCards can log into on AD Forest, ... Looked that the article on 3rd party CA's, ... Does the certificate contain the user's UPN in the subject alternative name ... Does the DomainController's certificate contain the SmartCard Logon ...
(microsoft.public.security)
Re: Key archival and smartcard CSP
... the first question is that does your smartcard ... CSP allow the public/private key pair to be imported into its own store? ... > - When the certificate has been issued, i get the container name and the ...
(microsoft.public.platformsdk.security)