RE: 802.1x, Computers, Wired Security

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

My client is XPSP3 so where can I find the XML files to enable computer auth?

Thanks

"Miles Li [MSFT]" wrote:


Hello,

Yes, you cannot use PEAP-MS-CHAPv2 for computer authentication because user
credentials (user name and password) are required for authentication when
using PEAP-MS-CHAPv2. You can use PEAP-TLS or EAP-TLS for computer
authentication.

To use PEAP-TLS or EAP-TLS for computer authentication, you need to issue a
computer certificate from CA on the client for connections that use Secure
Sockets Layer (SSL) encryption and Transport Level Security (TLS)
encryption. Please refer to the following Microsoft Knowledge Base article
to ensure that client and server certificate requirements for EAP-TLS have
been met.

814394 Certificate requirements when you use EAP-TLS or PEAP with
EAP-TLS
http://support.microsoft.com/kb/814394

On the Windows XP SP3, by default the authentication mode is set to 1 for
wired 802.1X network. In this scenario, if computer authentication is
successful, a subsequent user logon results in a re-authentication with
user credentials. The user credentials are used for subsequent
authentication or re-authentication. You may configure the authentication
mode to Machine Only to enable computer-only authentication to see whether
it works.

949984 Changes to the 802.1X-based wired network connection
settings in Windows XP Service Pack 3
http://support.microsoft.com/kb/949984/

929847 How to enable computer-only authentication for a
802.1X-based network in Windows Vista
http://support.microsoft.com/kb/929847/

Hope it helps. If there's anything else about this issue I can do for you,
please do not hesitate to let me know.



Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
    ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
    (microsoft.public.inetserver.iis.security)
  • Re: ISAPI Authentication
    ... The job of your authentication filter is to accept ... non-Windows credentials from the client and then map them to a Windows ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows Integrated Auth/Basic Auth
    ... Both Basic and Windows Integrated authentication save their credentials on ... you need to convince the client browser to ... >> Windows Authentication on my web app to give an access ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Anonymous and integrated authentication for Web service
    ... I tried changing values in the UseDefaultCredentials and Credentials ... You need to write the client appropriately. ... Given this are you saying they both can call the same web service? ... Integrated Windows authentication ...
    (microsoft.public.inetserver.iis.security)
  • RE: simulating asp.net impersonation
    ... And this will depend on the client credential passed from the ... windows, webservice dosn't support interactive ... through the proxy class's Credentials property and specify the ... Message to contain our custom authentication info. ...
    (microsoft.public.dotnet.framework.windowsforms)