EAP-TLS Machine Authentication/Certificate

Answered Question
Nov 20th, 2009

Hi,


I'm having problems getting EAP-TLS to work when a client machine needs to connect to a WLAN. I can make each user get a user cert from my CA and if I use an admin account I can get Windows to put these certs into the machine store, but when it comes to a login attempt my RADIUS failure messages look like host/axelfoley001 instead of host/MACHINE001xp, which is how the login looks on RADIUS when using EAP/PEAP.


Clients are WinXP SP3, and I'm using Cisco ACS 4.1, MS Certificate Services CA.


When a user gets its own cert it can log into the WLAN fine after already logging onto the machine, but I can't seem to figure out how to pass the machine name with the cert on machine login (pre-auth).


Do I need to alter some setting in the cert to pass a different user/machine name or do I need to get a different kind of cert from the CA?


Any help will be gratefully received.


Thanks,

Correct Answer
weterry Sat, 11/21/2009 - 19:38

It sounds like your supplicant isn't configured to use machine credentials. In WZC there is a checkbox for "user machine credentials if available".... Perhaps that isn't enabled?


Or perhaps you don't have a machine cert on the computer.  You mentioned a "user cert", but I think if you want machine credentials, don't you need a certificate for the machine itself? I could be wrong on this though.

LCC Data Networks Fri, 12/04/2009 - 06:20

It was an issue with the machine certificate. I've not actually had it working yet, but I'm sure a proper machine cert from the CA is what it needs.


Thanks for the responses.
