Re: HP Procurve 2626 - port-based access IAS EAP-LTS doesn't work



Benny Huyghe <BennyHuyghe@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in news:0671CB37-88D6-478B-9FB0-57CB28307DEC@xxxxxxxxxxxxx:

I would like to use computer certs only; at this moment I activated
user & computer certs.
The goal is to implement autoenrollment; for the moment I installed
the certificate with the web browser on the client.
I would like to implement a solution that causes the least overhead,
but the ProCurve only supports EAP-TLS & CHAP MD5.

Thank you.

"James McIllece [MS]" wrote:

Benny Huyghe <BennyHuyghe@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in news:7BB04D4E-44F1-4C50-A0DA-C0846EBB6D7B@xxxxxxxxxxxxx:

I think the problem is already with the configuration of the
switch. Configuration of switch:
radius-server host 10.0.0.10 key xxxxxxxxxxx
aaa authentication port-access eap-radius
Am I missing something? I suppose this command should prevent a
non-domain laptop from getting an IP address.


It depends on how you deploy EAP-TLS -- are you using computer certs
or user certs? What is the method you used to deploy certificates --
autoenrollment, smart card, etc...?


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online
account name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no
rights.


The first thing is to make sure the client and user certificates are
properly configured. To configure the certs, you must open Certificate
Templates, make a copy of the cert you want to use, and then configure the
cert according to the minimum computer certificate requirements section in
"Network access authentication and certificates" in Windows Server 2003 IAS
or VPN Help, or on the web at
http://technet2.microsoft.com/windowsserver/en/library/9d8b61c9-a870-4627-a8f2-148625fd7fba1033.mspx

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.