10-19-2010 04:22 AM - edited 07-03-2021 07:18 PM
Hi All, has anybody experiences with the use of Wireless Zero Configuration, TLS with Machine Certificates and User Authentication with PEAP via ACS and MS AD? I heard that XP SP3 is able to do that, but cant find any Documentation.
Regards, Michael
10-19-2010 05:50 AM
You might have a look here:
http://technet.microsoft.com/en-us/library/cc755892%28WS.10%29.aspx
Settings for machine + user auth would be:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"AuthMode"=dword:00000001
"SupplicantMode"=dword:00000003
and in your network interface card properties, in the authentication tab, do not forget to check "authenticate as
computer when computer information is available".
You machine needs to be part of a domain to have machine credentials.
10-19-2010 06:16 AM
Michael,
I have done PEAP and EAP-TLS with Windows XP SP3 and ACS 5.2 against an Windows 2003 AD Server with no issues and not having to edit the registry. I have a lab that is configured to do exactly that and it authenticates the computer first then the user, if the computer fails authentication then it doesn't permit the user to login. I haven't found a definitive step by step guide to this configuration either. there is a document that has the basic PEAP configuration for WZC and ACS 4.X posted somewhere here that I had created, but that's it.. All my setup information came from bits and pieces extracted from various documents.
Thanks
Kayle
10-19-2010 06:34 AM
Guys, thanks a lot. Will set it up in my Lab the Next days.
Bright Regards, Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide