EAP-TLS Machine Authentication/Certificate

Hi,

I'm having problems getting EAP-TLS to work when a client machine needs to connect to a WLAN.  I can make each user get a user cert from my CA and if I use an admin account I can get Windows to put these certs into the machine store, but when it comes to a login attempt my RADIUS failure messages look like host/axelfoley001 instead of host/MACHINE001xp, which is how the login looks on RADIUS when using EAP/PEAP.

Clients are WinXPSP3, and I'm using CiscoACS 4.1, MS Certificate Services CA.

When a user gets its own cert it can log into the WLAN fine after already logging onto the machine, but I can't seem to figure out how to pass the machine name with the cert on machine login (pre-auth).

Do I need to alter some setting in the cert to pass a different user/machine name or do I need to get a different kind of cert from the CA?

Any help will be gratefully received.

Thanks,


3 Replies

Are you trying to do machine only authentication?  If you are using Wireless Zero Config, then have you configured the client for machine only auth?

http://support.microsoft.com/kb/929847

weterry
Level 4

It sounds like your supplicant isn't configured to use machine credentials. In WZC there is a checkbox for "use machine credentials if available".... Perhaps that isn't enabled?

Or perhaps you don't have a machine cert on the computer.  You mentioned a "user cert", but I think if you want machine credentials, don't you need a certificate for the machine itself? I could be wrong on this though.
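The check behind this reply, as an added example that is not part of the thread: it lists what sits in the local computer's Personal certificate store and flags why each certificate would or would not work as an EAP-TLS machine certificate (private key present, Client Authentication EKU, the computer's FQDN as a DNS name in the SAN, not expired). It assumes a Windows host with PowerShell and an English locale, since the SAN text produced by `Format()` is localized.

```powershell
# Added example (not code from the thread): inspect Cert:\LocalMachine\My for a
# certificate that can authenticate the computer itself, as opposed to a user
# cert that was merely copied into the machine store.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $problems = @()

    # Without a private key in the machine store the supplicant cannot sign.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key in machine store' }

    # EKU must allow client authentication (a cert with no EKU is accepted).
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })) {
        $problems += 'EKU does not include Client Authentication'
    }

    # Subject Alternative Name (OID 2.5.29.17): a machine cert carries the
    # computer FQDN as a DNS Name; a user cert carries a UPN (Principal Name).
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    if ($sanText -notmatch "DNS Name=$([regex]::Escape($fqdn))") {
        $problems += "SAN lacks DNS Name=$fqdn (SAN: '$sanText')"
    }

    if ((Get-Date) -gt $cert.NotAfter) { $problems += 'expired' }

    $status = if ($problems) { 'NOT USABLE: ' + ($problems -join '; ') }
              else { 'usable for machine authentication' }
    "{0}  {1}`n    {2}" -f $cert.Thumbprint, $cert.Subject, $status
}
```

Run it in an elevated PowerShell on the client; a user certificate that was imported into the machine store will typically show up with a Principal Name in its SAN and no DNS Name, which is the symptom described in this thread.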

It was an issue with the machine certificate.  I've not actually had it working yet, but I'm sure a proper machine cert from the CA is what it needs.

thanks for the responses.
