WZC, SSO with User and Machine Auth

MICHAEL SCHROEDER · ‎10-19-2010

Hi All, has anybody experiences with the use of Wireless Zero Configuration, TLS with Machine Certificates and User Authentication with PEAP via ACS and MS AD? I heard that XP SP3 is able to do that, but cant find any Documentation.

Regards, Michael

Bastien Migette · ‎10-19-2010

You might have a look here:

http://technet.microsoft.com/en-us/library/cc755892%28WS.10%29.aspx

Settings for machine + user auth would be:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]

"AuthMode"=dword:00000001

"SupplicantMode"=dword:00000003

and in your network interface card properties, in the authentication tab, do not forget to check "authenticate as
computer when computer information is available".

You machine needs to be part of a domain to have machine credentials.

Kayle Miller · ‎10-19-2010

Michael,

I have done PEAP and EAP-TLS with Windows XP SP3 and ACS 5.2 against an Windows 2003 AD Server with no issues and not having to edit the registry. I have a lab that is configured to do exactly that and it authenticates the computer first then the user, if the computer fails authentication then it doesn't permit the user to login. I haven't found a definitive step by step guide to this configuration either. there is a document that has the basic PEAP configuration for WZC and ACS 4.X posted somewhere here that I had created, but that's it.. All my setup information came from bits and pieces extracted from various documents.

Thanks

Kayle

MICHAEL SCHROEDER · ‎10-19-2010

Guys, thanks a lot. Will set it up in my Lab the Next days.

Bright Regards, Michael