EAP-TLS certificates accross multiple computers?

jasonhumes — Sun, 04 Jul 2021 16:59:33 GMT

So I've got eap-tls working with W2k IAS/Certificate Services and an AP1100. My clients are all XP/2000 notebooks and each machine has a computer certificate. The problem is that the notebooks are generic (not user specific) and the notebook that user1 got today may not be the same notebook that user1 gets tomorrow and therefore he/she will not be able to login tomorrow (because their user certificate is stored on the first notebook they had...the one that they used to request the cert). Is there any way to have the user certificates follow the user, regardless of which PC to logon to the domain with? Maybe with romain profiles or something like that. Any ideas. Thanks.

Re: EAP-TLS certificates accross multiple computers?

scottmac — Wed, 15 Sep 2004 19:34:14 GMT

You could roll back to PEAP, using LDAP or MSCAHPv2 for authentication. You'll still authenticate the server and get dynamic keys, but the client authentication will still occur at the domain level.

Other than that, I don't think you can have a "mobile/portable" certificate (that would be more like a SecureID fob).

FWIW

Scott

topic Re: EAP-TLS certificates accross multiple computers? in Wireless

EAP-TLS certificates accross multiple computers?

Re: EAP-TLS certificates accross multiple computers?