IAS forwarding / Multi-Forest / CA Requirement - trusted authority in PEAP properties
- From: gwwmcse@xxxxxxxxx
- Date: 1 Feb 2007 21:47:15 -0800
Hello,
Scenario:
* Setup for 802.1x machine only authentication. "Protected PEAP"
* 2 forests, 1 domain in each.
* IAS is setup to forward requests to other domain if a computer
starts 802.1x authentication on it's switch.
* Forwarding is working great between forests.
Problem:
As part of the migration strategy, I need to manually check the CA
root to trust in the PEAP properties on the client machines for cross-
forest forwarding between IAS servers. This is fine to do with a few
clients, but need to automate this because there are alot. Here is
the location:
Network Connections --> Local Area Connection --> Properties -->
Authentication Tab --> Properties --> "Trusted Root Authority"
a) I need to be able to automate the selection of the Root Certificate
Authority. Otherwise I have to check this manually during the
migration (and co-existance). How do I do this?
I have looked into a registry key and placed the thumbprint hash of
the CA in it with no success:
IEEE 802.1x Certificate Authority for Machine Authentication
HKLM\Software\Policies\Microsoft\Windows\Network Connections\8021X!
8021XCARootHash
b) Is there a special format for this HASH value other than the obious
"aa bb cc dd" ???
c) With this registry key present, will this work even if the box is
not visually checked?
Thanks in advance!
-Greg
.
- Follow-Ups:
- Prev by Date: ANN: IAS Log Viewer v2.33 was released
- Next by Date: RE: Configure Auth (802.1X) settings for Win2000 Clients
- Previous by thread: ANN: IAS Log Viewer v2.33 was released
- Next by thread: RE: IAS forwarding / Multi-Forest / CA Requirement - trusted authority
- Index(es):
Relevant Pages
|
Loading
