Re: EAP-TLS on PocketPC problems

From: "John Grisham" <joiner@xxxxxxxxx>
Date: Thu, 21 Sep 2006 12:44:45 -0400

Same problem, more details...

I'm running an iPAQ 4700 with WM5.
I imported my user certificate from my desktop into the Pocket PC to use
802.1x with EAP-TLS. However, when the PPC tries to connect asks for a
username and domain, after carefully examining IAS logs and retrying to
connect several times I noticed several things:

1. When I write no domain name, the IAS receives no authentication
attempts, so I guest the PPC is not sending them.
2. When I write the username (not UPN) and domain name, the IAS receives
no authentication attempts, so I guest the PPC is not sending them.
3. When I write the username in UPN format and the domain name, the IAS
logs an event telling username (for example: DOMAIN\user@xxxxxxxxxx) is
unknown. I guest in this case th PPC send the authentication request 'cause
it was able to match the user UPN name to the name in the certificate. So
the problem is caused by the request being formated to DOMAIN\username
format. I suppose it should work if no domain were sent to IAS, but I have
no way to ignore this...

All in all is pretty disappointing. I tried Juniper OAC and the results
were negative. Once isntalled the client I was able to authenticate an hence
connect to the network, which is encripted using WPA-TKIP. However, once I
soft reset the device, Juniper OAC no longer works/detects the network card,
and WZC is disabled, so the only remedy is to uninstall and start over the
whole process.

So anyone has any ideas to suggest???

Best regards to all...

<andersmariusjorgensen@xxxxxxxxx> wrote in message
news:1154435811.233292.98750@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello,

Scenario:
Pocket PC running Version 4.20.0 (build 14053).
User and root certificates has been installed.
PEAP is working just fine.
However EAP-TLS does not work!

Laptops running windows XP are using EAP-TLS just fine.

What must be validated in order to troubleshoot this ?!?

Regards,

Anders

Follow-Ups:
- Re: EAP-TLS on PocketPC problems
  - From: Irving Berlin

Prev by Date: Re: WM5: Downloading entire message in Pocket Hotmail
Next by Date: Re: EAP-TLS on PocketPC problems
Previous by thread: WM5: Downloading entire message in Pocket Hotmail
Next by thread: Re: EAP-TLS on PocketPC problems
Index(es):
- Date
- Thread

Relevant Pages

Re: IAS Certificate Error
... > I have bought a VERISGN certificate and installed it on the IAS ... Can you see the server certificate in the IAS UI? ... click Edit Profile, then Authentication tab, then EAP ...
(microsoft.public.internet.radius)
Re: Only validate certificate, not AD account !
... wireless network using computer certificate, IAS, and stand-alone CA. ... the client cannot connect to the ... authentication (disabling AuthMode registry key and creating a user ...
(microsoft.public.internet.radius)
Re: IAS Certificate Error
... >> RADIUS server ... >> I have bought a VERISGN certificate and installed it on the IAS ... click Edit Profile, then Authentication tab, then ...
(microsoft.public.internet.radius)
Cant authenticate using IAS (with EAP-TLS) for Wireless network.
... Wireless network with 128-bit WEP and 802.1X Authentication. ... running DNS, DHCP, IAS and as a CA. ... I have issued each client system a User ... and Computer certificate and they are all correct and valid. ...
(microsoft.public.win2000.security)
Re: How to get the username from the Certificate
... > (although one might be a DN instead of the samAccountName in the context), ... >> I want the user name to be retrieved from the certificate. ... >> I need this username to use else where. ... >> The authentication part will be done by the IIS as u have ...
(microsoft.public.dotnet.security)