Unable to connect using machine certificate

 
 
Microsoft news
      11-29-2005
I have set up an enterprise RADIUS server to manage a wireless network. I
created a certificate using the built-in certificate authority on the RADIUS
server and am running into trouble connecting a workstation. If I import
the certificate (*.pfx) into the current user's personal certificate store
then that user can connect to the network (the logon script will only work
once that user has logged on using the cached credential then logged off and
back on). If I import the certificate into the local computer certificate
store the computer can't find the certificate to authenticate with the
RADIUS server. The workstation is a Windows XP Pro SP2 machine. I think
the RADIUS server is set up correctly because if the certificate is in the
current user certificate store then that user can connect.

I know this is kinda vague but I am hoping someone has run into the same
type of problem.

Thanks,
Bill


 
Washington Moreira
      11-29-2005
Hi Bill,
There are two types of certificates that a machine can use: Computer
certificates and Workstation Authentication Certificates.
I think that a user certificate can't be used as a workstation authentication
certificate.
We have used Autoenrollment features to distribute computer certificates and
workstation authentication certificates.
You can also get a computer certificate from your certificates snap-in
(computer, not user) personal folder.
For example, we have published the workstation authentication
certificates (W3K) by changing the template security to permit autoenroll
for Domain Computers and then, on the certificate authority MMC, right-
clicking on the Certificates Templates node, choosing New > Certificate Template
to Issue and selecting the correct templates to be published.

You need only a computer certificate issued to your computer domain account.
With this in place your workstation can open a wireless connection before a
user logon. Your IAS RADIUS Policy should permit this logon type, if you
have selected specific domain groups, including the Domain Computers group.

I hope that this helps you.

TKS

Washington Moreira
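
A check in the spirit of the answer above, added here as an example and not part of any poster's message: it lists the certificates in the Local Computer Personal store and reports, for each one, whether it has a private key, is within its validity period, allows Client Authentication and names this computer. The helper name `Test-MachineAuthCert` and the way the computer's FQDN is looked up are assumptions of this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-MachineAuthCert {        # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ComputerFqdn
    )
    $now = Get-Date

    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to any purpose.
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $ekuOk = (-not $eku) -or ($ekuOids -contains $ClientAuthOid)

    # DNS name the certificate was issued to (SAN entry, else subject CN).
    $dnsName = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ClientAuthEku = $ekuOk
        NamesComputer = ($dnsName -eq $ComputerFqdn)   # -eq ignores case
    }
}

# Assumption: the local resolver returns this computer's domain FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineAuthCert -Cert $_ -ComputerFqdn $fqdn } |
    Format-List Subject, Thumbprint, HasPrivateKey, InValidity, ClientAuthEku, NamesComputer
```

A certificate issued to a user and imported into the computer store would show `NamesComputer : False` here, which matches the distinction the answer draws between user and computer certificates.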




 
AlonPurim
 
      10-19-2006
Washington,

may I ask you how to enable workstation authentication?

We have an OU that contains around 200 kiosks that we want to authenticate themselves before connecting to the domain.

How do I enable it in GPO?

We do intend to use autoenrollment...

How do I verify that authentication actually takes place?

Thank you
 