I had configured everything for certificate authentication EAP-TLS in Windows 2003 AD with enterprise CA. After logging a machine to domain I receive a certificate for computer, then setup XP SP3 to reauthenticate perion 120 sec (by Microsoft KB). I try two different machines with XP to use EAP-TLS authentication, but reason is not toward success.
I use "authentication open" on switch therefore machines could communicate with whole network. Nothing appars in Failed Attempts.csv of Passed Attempts.csv (of couse).
Just list of RDS.log appears some activity ended with
NAS: 172.24.34.62:27910:25 Cleaning lookup entry. AND reapeted
If I change an authentication type to PEAP, and I had not it configured on ACS, than failed attempt log issue is arrised: EAP_PEAP Type not configured.
Is it necessary to use http://support.microsoft.com/kb/957931 on windows XP to success machine authentication?
Please let attentions to Attachments and let me know
what could be a problem of my unsuccessness of use EAP-TLS.
configuration of interface which I use for testing:
description Test 802.1X klient - Filip
switchport access vlan 34
switchport mode access
switchport voice vlan 31
authentication host-mode multi-domain
authentication port-control auto
authentication violation protect
dot1x pae authenticator
dot1x timeout tx-period 10