06-11-2010 09:32 AM - edited 07-03-2021 06:52 PM
Quick question for you EAP experts out there.
I want to be able to deploy EAP-TLS I understand that you need a machine and user certificate, does this mean that i would have to place the cetificate for each user account on that paticular laptop if utilised by more than one menber of staff ?
Thanks in advance.
Chris
Solved! Go to Solution.
06-16-2010 05:43 AM
Hi Chris,
If many users share clients, it can be problem that all users certificate have to be on the shared hardware. I had this issue in a school, and we ended up with using EAP-TLS and only hardware certificate. You don’t get full security in this case since you only verify the hardware, but on the other hand, the user have to log in to the domain, so users will be verified as well. Just not by the wireless system.
//Johan
06-11-2010 10:27 AM
Chris,
EAP-TLS authentication requires computer and user certificates on the wireless client.
HTH>
06-16-2010 05:43 AM
Hi Chris,
If many users share clients, it can be problem that all users certificate have to be on the shared hardware. I had this issue in a school, and we ended up with using EAP-TLS and only hardware certificate. You don’t get full security in this case since you only verify the hardware, but on the other hand, the user have to log in to the domain, so users will be verified as well. Just not by the wireless system.
//Johan
06-16-2010 10:16 AM
I would setup a new radius login specifically for that client
and configure all accounts on the client to use
the same credentials and cert to logon to the wireless network.
06-17-2010 02:03 AM
All makes sense now, thanks everyone.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide