Re: EAP-TLS Authentication question

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Ashwin Palekar\(MS\) (ashwinp_at_online.microsoft.com)
Date: 06/03/04

  • Next message: Ashwin Palekar\(MS\): "Re: radius authenticaion then ad" 
    Date: Wed, 2 Jun 2004 21:40:29 -0700



    -- 
-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"Stefan" <stefa.suesser@no-spam.web.de> wrote in message 
news:1C292EBD-801E-424A-9C92-5321D37A611D@microsoft.com...
> Hi NG,
>
> we habe configured our WLAN with IAS and certificates, using EAP-TLS. We 
> strictly followed the Microsoft guide "Securing Wireless LANs", and 
> everything seems to work fine.
> I just have some questions, maybe because I do not fully understand what 
> SHOULD go on there.
> Is it right that when a computer and user are authenticated, and the user 
> logs off and logs back on again, that only the user gets authenticated 
> again, not the computer?
Computer and User are distinct authentications. They are not related in any 
way. During startup computer gets authenticated. When user logons on, user 
gets authenticated. When user back again, user gets autheticated again.
> Is it right that the computer only gets authenticated when the computer 
> starts up?
Correct.
> We had some issues where the user already had received its client 
> authentication certificate, but not the computer. The computer was 
> connected to the LAN via cable. Then we inserted the WLAN card, the user 
> got authenticated and had access to the WLAN - without having a computer 
> certificate. It this how is should be?
> In the trace logs on the IAS server and the client, we can see that the 
> computer gets authenticated when it starts up, but not when just a new 
> user logs on to the computer.
> I would be very happy if somebody could explain me what the "right" 
> behavior is - many thanks!
See above.
  • Next message: Ashwin Palekar\(MS\): "Re: radius authenticaion then ad"

    Relevant Pages

    • Re: Exchange SMTP server is relaying Spam...
      ... activity that could be matched with the Times and Dates of the Spam Relay. ... I built a Database that matched the Security Log Data, the SMTP log and the ... Message Tracking Logs. ... How can I log authentications to find the offending user? ...
      (microsoft.public.windows.server.sbs)
    • Re: Exchange SMTP server is relaying Spam...
      ... I built a Database that matched the Security Log Data, the SMTP log ... and the Message Tracking Logs. ... I just don't run into this, because I don't allow relay at ... How can I log authentications to find the offending user? ...
      (microsoft.public.windows.server.sbs)
    • Re: Exchange SMTP server is relaying Spam...
      ... The SMTP logging and the Message Tracking seem to be removed from the ... Protocol and Message logs. ... How can I log authentications to find the offending user? ... You probably aren't relaying spam. ...
      (microsoft.public.windows.server.sbs)
    • Authentication by IIS
      ... As we know that IIS provides 5 kind of authentications ... viz. ... Basic, Certificate, Integrated, Digest and ...
      (microsoft.public.inetserver.iis.security)