I'm having problems getting EAP-TLS to work when a client machine needs to connect to a WLAN. I can make each user get a user cert from my CA, and if I use an admin account I can get Windows to put these certs into the machine store, but when it comes to a login attempt my RADIUS failure messages look like host/axelfoley001 instead of host/MACHINE001xp, which is how the login looks on RADIUS when using EAP/PEAP.
Clients are WinXP SP3, and I'm using Cisco ACS 4.1, MS Certificate Services CA.
When a user gets its own cert it can log into the WLAN fine after already logging onto the machine, but I can't seem to figure out how to pass the machine name with the cert on machine login (pre-auth).
Do I need to alter some setting in the cert to pass a different user/machine name, or do I need to get a different kind of cert from the CA?
Any help will be gratefully received.
It sounds like your supplicant isn't configured to use machine credentials. In WZC there is a checkbox for "use machine credentials if available"... Perhaps that isn't enabled?
Or perhaps you don't have a machine cert on the computer. You mentioned a "user cert", but I think if you want machine credentials, don't you need a certificate for the machine itself? I could be wrong on this though.