Re: EAP-TLS / Radius & AD
From: Thomas Kuborn (thomas.kuborn_at_eu.didata.com)
Date: 06/03/04
- Next message: Jan-Erik: "Re: Still 802.1X authentication problem"
- Previous message: PedroRibeiro: "Radius Timeout"
- In reply to: James McIllece [MS]: "Re: EAP-TLS / Radius & AD"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Jun 2004 18:27:06 +0200
Hehe I should have paid more attention to my phrasing ...
Thx
- Thomas -
"James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
news:Xns94FC9E5078903jamesmcionlinemicros@207.46.248.16...
> Hi Thomas --
>
> The minimum certificate requirements provided in the topic link below will
> give a good idea of the properties.
>
> If you delete the client account from AD or revoke the certificate, EAP-TLS
> still works, it's just that the user or computer cannot be authenticated or
> authorized by IAS and therefore is not granted access to the network.
>
>
> "Thomas Kuborn" <thomas@kuborn.be> wrote in
> news:40b76d01$0$8398$a0ced6e1@news.skynet.be:
>
> > Thx James,
> >
> > I'm especially interested in the part "IAS authenticating the client
> > by querying AD"
> > 1/ what properties of the client certs does IAS need to match in AD ?
> > 2/ that means that you can prevent EAP-TLS to work by:
> > - revoking the client cert
> > or by
> > - deleting the computer/user account from AD
> >
> > Cheers,
> >
> > - Thomas -
> >
> >>snip<<
> >>
> >> For more information, see "Network access authentication and
> >> certificates" in Windows Server 2003 IAS or VPN Help, or on the web
> >> at
> >> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_VPN_und15.asp.
> >>
> >>
> >>
> >> --
> >> James McIllece, Microsoft
> >>
> >> Please do not send email directly to this alias. This is my online account
> >> name for newsgroup participation only.
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.