Re: 802.1X Client Certificates Only Logging Into Local Machine


From: Ashwin Palekar (MS) (ashwinp_at_online.microsoft.com)
Date: 02/19/04


Date: Wed, 18 Feb 2004 20:45:41 -0800

This is mostly accurate.

2 small, but important steps
a) Since you are not deploying user certs, you have to configure the Windows
client to only use machine authentication; and not initiate user
authentication.

This can be done by setting the auth-mode registry key on Windows clients.
There is a KB which documents the auth-mode registry key.

b) Create a remote access policy at the RADIUS server that grants access to
members of the Domain Computers group.

-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"Ashwin Philar" <ashwinphilar@hotmail.com> wrote in message
news:33fe2089.0402181650.21a57714@posting.google.com...
> Hi!!
>
> This is what I want to do:
>
> 1) Use 802.1X with EAP-TLS
> 2) Use Machine Certificates Only (No User Certificates)
>
> This is what I plan to do:
> 1) Join machines to the domain
> 2) Install machine certificates
> 3) Users log on to local machine and 802.1X uses machine certificates
>
> I believe that since there is an entry for the machine on the DC, the
> machine should be granted access based on the certificate.
>
> Please let me know if this is wrong.
>
> Thanks,
> Ashwin Philar

