Need help troubleshooting Machine Authentication...

Unanswered Question
Oct 22nd, 2007

Greetings-


I am having an issue with getting machine authentication to work.


I have:


Windows Server 2003 with AD, certificate services, and IAS installed.


Windows XP client - SP2 with WPA MS fixes. Installed machine cert from CA.


4400 controller with 4.1x code. RADIUS is configured correctly.


When I use PEAP, the client associates.


When I select "use machine account..." option I don't see anything happen on the client or server that would indicate that machine authentication was attempting.


Any ideas where to start? Could this be an issue with certificates on the client?



Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
tmoffett Sun, 11/11/2007 - 05:37

Thanks, I had seen that doc...


I was using machine certs to authenticate. My problem turned out to be the fact that it is required that one adds two registry entries to make the computer authenticate as required. Below are the dword entries. They change the behavior of the supplicant. One tells the system to do Machine auth. Without it (on XP sp2), the client will never try to authenticate prior to user logon. The other controls the authentication behavior upon user logon. By default, the client wants to do PEAP once a user logs on.


HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode (


HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode

Actions

This Discussion

 

 

Trending Topics - Security & Network