Re: Smart card EAP authenticarion on Windown 2003 RRAS server

From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
Date: Sat, 18 Feb 2006 12:18:35 -0500

In news:592930F1-AB13-4108-9260-7448E0D700D8@xxxxxxxxxxxxx,
Borivoj Maras <BorivojMaras@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
commented on below:

Hi

I am setting up RRAS server and need some help. I configured remote
access policies to allow only EAP 'Smart card or other certificate'
authentication. Everything is working fine; clients can authenticate
using their smart cards or certificates stored on their computers.

But, I would like to permit access only to users who can authenticate
by smart cards, and to disable authentication by 'other
certificates'. There is no 'ONLY Smart card' EAP type that I could
use.

Does anyone know who to accomplish that?

Thanks
Borivoj Maras

Use IAS to authenticate using only Smart Card.

You may be better off posting this to the microsoft.public.security.crypto
newsgroup for more specific help than in this group.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.
===========================

.

Prev by Date: SBS 2003 RRAS ERROR...
Next by Date: Re: no rdc to client machine can't disable firewall
Previous by thread: SBS 2003 RRAS ERROR...
Next by thread: Re: no rdc to client machine can't disable firewall
Index(es):
- Date
- Thread

Relevant Pages

Re: Certificate Services - What is it?
... Are you looking to get strong authentication of the clients or just protect ... SSL does require certificates, ... authenticate the server to the user and to authenticate the user to the ...
(microsoft.public.security)
Re: Data security question in MCSE 70-270 exam
... So if a laptop is pinched with EFS files on it and one of the password ... YOu install the certificates on a PC Smart Card that is ...
(microsoft.public.win2000.security)
Re: Where is the 2k/XP certificate store in the registry?
... > what you are describing is true for all certificate purposes but EFS. ... > certificates on smart card. ... >> for the private key store, ...
(microsoft.public.windowsxp.security_admin)
Re: Winlogon Copies Certificates from Smart Card to MY Store
... > It seems like Winlogon, starting from Windows XP, reads the certificates from ... > an inserted Smart Card, and puts them in MY Certificate Store. ... We still want to use Smart Cards for Windows logon.) ... > that winlogon overwrites the certificate we have inserted. ...
(microsoft.public.platformsdk.security)
Re: Using Smartcard with PK-INIT does not respond
... Client certificates were generated similarly only with the ... I was able see that is was complaining that the smart card had four ... no further fragments are sent. ...
(comp.protocols.kerberos)