Solved: EAP-TLS over wireless

chris-atkins · ‎06-11-2010

Quick question for you EAP experts out there.

I want to be able to deploy EAP-TLS I understand that you need a machine and user certificate, does this mean that i would have to place the cetificate for each user account on that paticular laptop if utilised by more than one menber of staff ?

Thanks in advance.

Chris

jhedstr2 · ‎06-16-2010

Hi Chris,

If many users share clients, it can be problem that all users certificate have to be on the shared hardware. I had this issue in a school, and we ended up with using EAP-TLS and only hardware certificate. You don’t get full security in this case since you only verify the hardware, but on the other hand, the user have to log in to the domain, so users will be verified as well. Just not by the wireless system.

//Johan

View solution in original post

andrew.prince · ‎06-11-2010

Chris,

EAP-TLS authentication requires computer and user certificates on the wireless client.

HTH>

jhedstr2 · ‎06-16-2010

Hi Chris,

If many users share clients, it can be problem that all users certificate have to be on the shared hardware. I had this issue in a school, and we ended up with using EAP-TLS and only hardware certificate. You don’t get full security in this case since you only verify the hardware, but on the other hand, the user have to log in to the domain, so users will be verified as well. Just not by the wireless system.

//Johan

Elliott Shawd · ‎06-16-2010

I would setup a new radius login specifically for that client

and configure all accounts on the client to use

the same credentials and cert to logon to the wireless network.

chris-atkins · ‎06-17-2010

All makes sense now, thanks everyone.