I'm used to using EAP-PEAP for wireless authentication, but now have a need to look at EAP-TLS (customer request).
I'm comfortable with certificates, but I'm trying to understand the standard login process for a Windows device. Is it standard practice to use machine authentication with EAP-TLS - for example the machine name = CN (Common Name) attribute in the client certificate? I'm thinking maybe the process is as follows:
Machine powers on...
In the background, EAP-TLS is used to authenticate the computer (machine authentication) to AD. This is done using the computer name (in the certificate using the CN attribute) and verifying against AD.
At this point, the machine is authenticated and connected to the wireless network (has IP connectivity).
The user now enters his/her username/password in the Windows login box and authenticates directly to the AD domain - exactly the same as if they had a wired connection.
Is the above understanding correct? I'm trying to get my head around the user being authenticated without a password - which is the basis for EAP-TLS as I understand. Any common deployment strategies or advice will be highly appreciated :-)
If you want to use machine authentication you are not limited to EAP-TLS. PEAP also supports machine authentication (PEAP-MSCHAPv2 and PEAP-TLS).
Note that machine authentication is not the same as EAP-TLS. With machine authentication you just try to find out whether the machine is a member of the domain or not. This is not necessarily utilizing any certificates for either the user or the machine.
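To make the "password-less" part of the question concrete, here is an added example (not from the original thread or any vendor's code) of the identity-mapping step a RADIUS server performs after the EAP-TLS handshake has already validated the client certificate chain: it ties the certificate's Subject Alternative Name to the EAP outer identity and derives the AD computer account (host/FQDN, machine phase) or user account (UPN, user phase). The certificate fields are passed in as a plain dict and the domain name `corp.example` is assumed; a real server reads them from the parsed X.509 certificate.

```python
"""Map an already-validated EAP-TLS client certificate to an AD account.

Constructed illustration: the dict below stands in for the parsed X.509
certificate, and corp.example is an assumed AD DNS domain.
"""
from dataclasses import dataclass

CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth
DOMAIN_SUFFIX = "corp.example"          # assumed AD DNS domain


@dataclass
class MappedIdentity:
    kind: str      # "machine" or "user"
    account: str   # AD account name, e.g. "LAPTOP01$" or "jdoe"


def map_eap_tls_identity(cert: dict, outer_identity: str) -> MappedIdentity:
    """cert keys: cn, san_dns (list), san_upn (list), eku (list of OIDs).
    outer_identity: the EAP-Response/Identity string sent by the supplicant.
    Raises ValueError when the certificate must be rejected."""
    if CLIENT_AUTH_EKU not in cert.get("eku", []):
        raise ValueError("certificate lacks the Client Authentication EKU")
    # The CN is kept only for logging; the SAN carries the identity matched here.
    ident = outer_identity.lower()
    # Machine phase: Windows sends host/<FQDN>; the machine cert's SAN dNSName is the FQDN.
    if ident.startswith("host/"):
        fqdn = ident[len("host/"):]
        if fqdn not in [d.lower() for d in cert.get("san_dns", [])]:
            raise ValueError("outer identity does not match SAN dNSName")
        host, _, domain = fqdn.partition(".")
        if domain != DOMAIN_SUFFIX:
            raise ValueError("computer is outside the expected AD domain")
        # The AD computer account is the host name followed by '$'.
        return MappedIdentity("machine", host.upper() + "$")
    # User phase: the user cert's SAN carries a UPN (user@domain) that must match the identity.
    if ident not in [u.lower() for u in cert.get("san_upn", [])]:
        raise ValueError("outer identity does not match SAN UPN")
    user, _, domain = ident.partition("@")
    if domain != DOMAIN_SUFFIX:
        raise ValueError("user is outside the expected AD domain")
    return MappedIdentity("user", user)


# Constructed sample certificates (as the dict representation above).
MACHINE_CERT = {"cn": "LAPTOP01.corp.example", "san_dns": ["LAPTOP01.corp.example"],
                "san_upn": [], "eku": [CLIENT_AUTH_EKU]}
USER_CERT = {"cn": "Jane Doe", "san_dns": [], "san_upn": ["jdoe@corp.example"],
             "eku": [CLIENT_AUTH_EKU]}
```

Running `map_eap_tls_identity(MACHINE_CERT, "host/laptop01.corp.example")` yields the computer account `LAPTOP01$` with no password involved, which is what the machine phase in the question relies on; no user password enters the picture until the interactive logon.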