
EAP-TLS Machine Authentication/Certificate

Hi,

I'm having problems getting EAP-TLS to work when a client machine needs to connect to a WLAN. I can make each user get a user cert from my CA, and if I use an admin account I can get Windows to put these certs into the machine store, but when it comes to a login attempt my RADIUS failure messages look like host/axelfoley001 instead of host/MACHINE001xp, which is how the login looks on RADIUS when using EAP/PEAP.

Clients are WinXPSP3, and I'm using Cisco ACS 4.1, MS Certificate Services CA.

When a user gets their own cert they can log into the WLAN fine after already logging onto the machine, but I can't seem to figure out how to pass the machine name with the cert on machine login (pre-auth).

Do I need to alter some setting in the cert to pass a different user/machine name, or do I need to get a different kind of cert from the CA?

Any help will be gratefully received.

Thanks,

1 ACCEPTED SOLUTION


weterry
Enthusiast

It sounds like your supplicant isn't configured to use machine credentials. In WZC there is a checkbox for "user machine credentials if available"... Perhaps that isn't enabled?

Or perhaps you don't have a machine cert on the computer. You mentioned a "user cert", but I think if you want machine credentials, don't you need a certificate for the machine itself? I could be wrong on this though.


3 REPLIES

Robert.N.Barrett_2
Enthusiast

Are you trying to do machine-only authentication? If you are using Wireless Zero Config, then have you configured the client for machine-only auth?

http://support.microsoft.com/kb/929847


It was an issue with the machine certificate. I've not actually had it working yet, but I'm sure a proper machine cert from the CA is what it needs.

Thanks for the responses.
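
A check for the situation discussed in this thread, added here as an example and not posted by any participant: it lists the certificates in the computer store that are usable for client authentication and flags those whose name does not match the computer name, which is what a user certificate copied into the machine store looks like. It assumes PowerShell 2.0 is installed on the client and that a machine certificate should carry the computer's own name; the output column names are made up for the example.

```powershell
# Added example: audit Cert:\LocalMachine\My for EAP-TLS machine-auth candidates.
# Assumption: a usable machine certificate names this computer, not a user.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$hostName = $env:COMPUTERNAME
$dnsType  = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$now      = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect EKU OIDs. A certificate with no EKU extension is not restricted
    # to particular purposes, so it is treated as usable for client auth.
    $hasEku  = $false
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $hasEku = $true
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    $clientAuth = (-not $hasEku) -or ($ekuOids -contains $clientAuthOid)

    # Name the certificate presents: the SAN dNSName, or the subject CN
    # when no dNSName is present (as with a typical user certificate).
    $certName  = $cert.GetNameInfo($dnsType, $false)
    $shortName = $certName.Split('.')[0]

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        CertName      = $certName
        ClientAuthEku = $clientAuth
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        # -eq is case-insensitive, so MACHINE001XP matches machine001xp.domain
        MatchesHost   = ($shortName -eq $hostName)
    }
} | Select-Object Subject, CertName, ClientAuthEku, HasPrivateKey, InValidity, MatchesHost |
    Format-Table -AutoSize
```

A row with `ClientAuthEku`, `HasPrivateKey` and `InValidity` all true but `MatchesHost` false is a certificate that can be offered for authentication while naming something other than the computer.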
