EAP-TLS login process.

Unanswered Question
Dec 6th, 2011

Hi all.

I'm used to using EAP-PEAP for wireless authentication, but now have a need to look at EAP-TLS (customer request).

I'm comfortable with certificates, but I'm trying to understand the standard login process for a Windows device. Is it standard practise to use the machine authentication using EAP-TLS - for example the machine name = CN (Common Name) attribute in the client certificate? I’m thinking, maybe the process is as follows;

  • Machine powers on...
  • In the background, EAP-TLS is used to authenticate the computer (machine authentication) to AD. This is done using the computer name (in the certificate using the CN attribute) and verifying against AD.
  • At this point, the machine is authenticated and connected to the wireless network (has IP connectivity).
  • The user now enters his/her username/password in the windows login box and authenticates directly to the AD domain - exactly the same as if they had a wired connection.

Is the above understanding correct? I'm trying to get my head around the user being authenticated without a password - which is the basis for EAP-TLS as I understand. Any common deployment strategies or advice will be highly appreciated :-)

Thanks

Dazzler

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Amjad Abdullah Sun, 08/26/2012 - 23:47

Hi Dazzler,

If you want to use machine authentication you are not limited to EAP-TLS. PEAP also supports machine authentication (PEAP-MSCHAPv2 and PEAP-TLS).

Note that machine authentication is not same as EAP-TLS. With machine authentication you just try to find if the machine is a member of the domain or not. This is not necessarily utilizing any certificates for either the user or the machine.

Check this: http://tiny.cc/g3sojw

This discussion can also be useful:

https://supportforums.cisco.com/thread/2053236

HTH

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Actions

This Discussion

 
 

Trending Topics - Security & Network