Wireless Networking - Unable to connect using machine certificate

#1

I have set up an enterprise RADIUS server to manage a wireless network. I created a certificate using the built-in certificate authority on the RADIUS server and am running into trouble connecting a workstation.

If I import the certificate (*.pfx) into the current user's personal certificate store, then that user can connect to the network (the logon script will only work once that user has logged on using the cached credential, then logged off and back on). If I import the certificate into the local computer certificate store, the computer can't find the certificate to authenticate with the RADIUS server.

The workstation is a Windows XP Pro SP2 machine. I think the RADIUS server is set up correctly because if the certificate is in the current user certificate store then that user can connect.

I know this is kinda vague but I am hoping someone has run into the same type of problem.

Thanks,
Bill

Microsoft news

#2

Posts: n/a

Hi Bill,

There are two types of certificates that a machine can use: Computer certificates and Workstation Authentication certificates. I think that a user certificate can't be used as a workstation authentication certificate.

We have used Autoenrollment features to distribute computer certificates and workstation authentication certificates. You can also get a computer certificate from your Certificates snap-in (computer, not user) Personal folder.

For example, we have published the workstation authentication certificates (W3K) by changing the template security to permit autoenroll for Domain Computers. After this, in the Certification Authority MMC, right-click the Certificate Templates node, choose New > Certificate Template to Issue, and select the correct templates to be published.

You need only a computer certificate issued to your computer domain account. With this in place your workstation can open a wireless connection before a user logon. Your IAS RADIUS policy should permit this logon type, if you have selected specific domain groups, including the Domain Computers group.

I hope that this helps you.

TKS

Washington Moreira

"Microsoft news" <> wrote in message news:...
> I have set up an enterprise RADIUS server to manage a wireless network. I
> created a certificate using the built-in certificate authority on the
> RADIUS server and am running into trouble connecting a workstation. If I
> import the certificate (*.pfx) into the current user's personal certificate
> store then that user can connect to the network (the logon script will only
> work once that user has logged on using the cached credential then logged
> off and back on). If I import the certificate into the local computer
> certificate store the computer can't find the certificate to authenticate
> with the RADIUS server. The workstation is a Windows XP Pro SP2 machine.
> I think the RADIUS server is set up correctly because if the certificate is
> in the current user certificate store then that user can connect.
>
> I know this is kinda vague but I am hoping someone has run into the same
> type of problem.
>
> Thanks,
> Bill

Washington Moreira

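A read-only way to check the requirement stated in the reply above (a computer certificate, issued to the computer account, sitting in the Local Computer store), given as an added example that is not part of the thread. It assumes Windows PowerShell is available on the workstation and that the resolver returns the machine's fully qualified name; the two OIDs are the standard Client Authentication EKU and Subject Alternative Name identifiers.

```powershell
# Added example (not from the thread). Read-only audit of the Local Computer
# "Personal" store for a certificate usable for EAP-TLS machine authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name
# Assumption: the resolver returns the machine's fully qualified domain name.
$fqdn = [System.Net.Dns]::GetHostEntry('').HostName
$now  = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Explicit Client Authentication purpose in the EKU extension
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasClientAuth = $false
    if ($eku) {
        $hasClientAuth = [bool]($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $clientAuthOid })
    }

    # The computer's name should appear in the SAN or, failing that, the subject
    $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $names = $cert.Subject
    if ($san) { $names += ' ' + $san.Format($false) }
    $namesHost = $names -match [regex]::Escape($fqdn)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        HasPrivateKey = $cert.HasPrivateKey   # a .pfx import must bring the key along
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ClientAuthEku = $hasClientAuth
        NamesThisHost = $namesHost
    }
} | Format-List
```

A certificate that was issued to a user and then imported into the computer store will typically report `NamesThisHost : False`, because its subject names the user rather than the computer account.
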
#3

Junior Member
Join Date: Oct 2006
Posts: 1

[quote=Washington Moreira]Hi Bill,

There are two types of certificates that a machine can use: Computer certificates and Workstation Authentication certificates. I think that a user certificate can't be used as a workstation authentication certificate.

We have used Autoenrollment features to distribute computer certificates and workstation authentication certificates. You can also get a computer certificate from your Certificates snap-in (computer, not user) Personal folder.

For example, we have published the workstation authentication certificates (W3K) by changing the template security to permit autoenroll for Domain Computers. After this, in the Certification Authority MMC, right-click the Certificate Templates node, choose New > Certificate Template to Issue, and select the correct templates to be published.

You need only a computer certificate issued to your computer domain account. With this in place your workstation can open a wireless connection before a user logon. Your IAS RADIUS policy should permit this logon type, if you have selected specific domain groups, including the Domain Computers group.

I hope that this helps you.

TKS[/quote]

Washington, may I ask you how to enable workstation authentication? We have an OU that contains around 200 kiosks that we want to authenticate themselves before connecting to the domain. How do I enable it in GPO? We do intend using autoenrollment...

How do I verify that authentication actually takes place?

Thank you

AlonPurim