Re: Certificate wireless user issue
- From: "Thomas K" <thomas@xxxxxxxxx>
- Date: Fri, 26 Aug 2005 07:47:12 +0200
Wireless provisioning should occur through a wired connection!
/T
"Gonzox77" <Lginet@xxxxxxxxxxxxx> wrote in message
news:181e980c1e670a3ad53fc81efdf845e2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi everyone
>
> Here is my dilemma. I am having issues assigning certificates to my users
> through a wireless connection. I have auto-enrollment enabled with a
> GPO.
> If I connect using a cable my user will get the certificate assigned to
> them. So my question is how do I assign certs to users that are logging
> in to a wireless workstation automatically?
>
> I asked this last year, but our wireless project got put on hold. And I
> just started it up last week. So this is where I left off and am starting
> from again. One reply I got last year is:
> ************************************************************************
> If you're out there, thanks again Mark.
>
> "One option is to make sure your Remote access policy allows PEAP as well
> as EAP-TLS. The user can connect first then acquire their certificate, then
> change over to EAP-TLS. This is a bit user intensive.
> If your machine certs are all there and working and the computer accounts
> are granted access via the remote access policy, I have had luck with the
> user auto-enrolment. There is a point when the user logs in where the
> port authentication is switched from the computer's security context
> to the user's. I have had luck getting auto-enrolled during this period.
>
> I'm not sure as to the exact point that the context switches. It may be
> initiated by Windows or it might not be until the AP requires
> reauthentication. Maybe someone from MS will have that answer."
>
> Cheers,
> --
> Mark Gamache
>
> Not sure how to also allow PEAP
> *************************************************
> Also MS recommends enabling guest authentication.
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/60fa5de5-58a0-4673-be1e-dd24fb1014a4.mspx
>
> "If you are using certificate authentication with EAP-TLS and initially
> installing a user certificate on your wireless clients over a wireless
> connection, enable guest authentication.
> If you are using certificate authentication with EAP-TLS and initially
> installing a user certificate on your wireless clients over a wireless
> connection, use the New Remote Access Policy Wizard to create a custom
> policy for new wireless clients (clients that do not have user
> certificates). Set the NAS-Port-Type condition to Wireless-IEEE 802.11 and
> Wireless-Other, and the Windows-Groups condition to Guests. On the Dial-in
> Constraints tab of the profile, restrict the maximum session time to 10
> minutes. On the Advanced tab of the profile, add the Tunnel-Type attribute
> with the value of Virtual LANs (VLAN), and then add the Tunnel-Pvt-Group-ID
> attribute with the VLAN ID value that corresponds to guest wireless
> clients."
>
> I am not liking this option too much.
>
> So does anyone know a solution for my dilemma?
>
>
> Thanks
>
> GonzoX77
>
>