802.1x EAP-TLS wireless networking - connect before logon

Discussion in 'Wireless Networking' started by Dr Zoidberg, Nov 1, 2005.

  1. Dr Zoidberg

    Hi there.
    I've set up a test lab using a Windows XP SP2 laptop with built in W-LAN
    card using EAP-TLS authentication and WPA encryption to connect to a Cisco
    access point.
    The authentication is done using a Windows 2000 server using IAS and running
    as a certificate authority.

    It's working happily with users requesting a certificate from the CA via the
    web interface and they can then connect after they have logged onto the
    laptop (using cached credentials as there is no connection to the network
    yet).

    Can anyone point me in the direction of a guide to getting it authenticating
    the client PC (again via certificate) rather than the user and establishing
    the wireless connection before the user has logged on so that logon scripts
    etc. will run reliably?

    Thanks

    --
    Alex

    Hermes: "We can't afford that! Especially not Zoidberg!"
    Zoidberg: "They took away my credit cards!"

    www.drzoidberg.co.uk www.ebayfaq.co.uk
    Dr Zoidberg, Nov 1, 2005
    #1

  2. Dr Zoidberg wrote:
    > Hi there.
    > I've set up a test lab using a Windows XP SP2 laptop with built in W-LAN
    > card using EAP-TLS authentication and WPA encryption to connect to a Cisco
    > access point.
    > The authentication is done using a Windows 2000 server using IAS and running
    > as a certificate authority.
    >
    > It's working happily with users requesting a certificate from the CA via the
    > web interface and they can then connect after they have logged onto the
    > laptop (using cached credentials as there is no connection to the network
    > yet).


    To log on to the IAS before user logon, the laptop must have a certificate
    validating the computer account as well as the user account.

    Look into the IAS logs to see any messages relating to failed computer
    authentication.

    Also, you should use the zero configuration service of XP to manage the
    WLAN card...

    At our office, we do this successfully (almost the same setup as yours:
    XP SP2 laptops (Centrino) logging on to a network of Cisco APs using an
    IAS server for 802.1x authentication...).


    --
    Martin Bodenstedt

    (www.die-bodenstedts.de / www.maboko.de)
    Martin Bodenstedt, Nov 2, 2005
    #2

  3. Dr Zoidberg

    Martin Bodenstedt wrote:
    > Dr Zoidberg wrote:
    >> Hi there.
    >> I've set up a test lab using a Windows XP SP2 laptop with built in
    >> W-LAN card using EAP-TLS authentication and WPA encryption to
    >> connect to a Cisco access point.
    >> The authentication is done using a Windows 2000 server using IAS and
    >> running as a certificate authority.
    >>
    >> It's working happily with users requesting a certificate from the CA
    >> via the web interface and they can then connect after they have
    >> logged onto the laptop (using cached credentials as there is no
    >> connection to the network yet).

    >
    > To log on to the IAS before user logon, the laptop must have a
    > certificate validating the computer account as well as the user
    > account.
    > Look into the IAS logs to see any messages relating to failed computer
    > authentication.
    >
    > Also, you should use the zero configuration service of XP to manage
    > the WLAN card...
    >
    > At our office, we do this successfully (almost the same setup as
    > yours: XP SP2 laptops (Centrino) logging on to a network of Cisco APs
    > using an IAS server for 802.1x authentication...).


    Yep, got it working last thing yesterday using group policy to
    automatically generate certificates.

    Thanks

    --
    Alex

    Hermes: "We can't afford that! Especially not Zoidberg!"
    Zoidberg: "They took away my credit cards!"

    www.drzoidberg.co.uk www.ebayfaq.co.uk
    Dr Zoidberg, Nov 2, 2005
    #3
