10-22-2007 03:28 PM - edited 07-03-2021 02:49 PM
Greetings-
I am having an issue with getting machine authentication to work.
I have:
Windows Server 2003 with AD, certificate services, and IAS installed.
Windows XP client - SP2 with WPA MS fixes. Installed machine cert from CA.
4400 controller with 4.1x code. RADIUS is configured correctly.
When I use PEAP, the client associates.
When I select the "use machine account..." option, I don't see anything happen on the client or server that would indicate that machine authentication was being attempted.
Any ideas where to start? Could this be an issue with certificates on the client?
Thanks!
10-22-2007 06:43 PM
Read over this and see if this helps you.
11-09-2007 04:03 PM
I'd check out TechRepublic's ultimate guide to enterprise wireless LAN security. It has a very good section on using self-signed certs for machine authentication in a Windows environment. I'm assuming you are wanting to do that so you won't have to use cached credentials.
http://i.t.com.com/i/tr/downloads/home/gou_secure-wireless-guide.pdf
11-11-2007 05:37 AM
Thanks, I had seen that doc...
I was using machine certs to authenticate. My problem turned out to be the fact that it is required that one adds two registry entries to make the computer authenticate as required. Below are the DWORD entries. They change the behavior of the supplicant. One tells the system to do machine auth. Without it (on XP SP2), the client will never try to authenticate prior to user logon. The other controls the authentication behavior upon user logon. By default, the client wants to do PEAP once a user logs on.
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode (
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode