802.1x authentication with computer credentials

Discussion in 'Wireless Networking' started by Ilkka Lindblom, Feb 23, 2006.

  1. Hello

    I am setting up a WLAN with 802.1x authentication using EAP-TLS, HP
    access points and IAS. I have configured the enterprise CA, the IAS
    server, the group policies, configured the AP, created certificates for
    my client machines and so on. The network operates flawlessly when I log
    in on the machine as the domain user, using the domain password that has
    been cached on the client. In other words, I have no network
    connectivity at that point, but as soon as the user is logged in the
    wireless network starts to work, I would assume by using the
    certificates the logged-in user has on his account. However, if the
    password is not in the cache, I get the error about the domain not being
    available. It seems that the network is not working at all before the user
    logs in.

    I have requested (and received) a computer certificate for the local
    computer. I have, in AD, allowed dial-in connections for the computer
    account. My RAS profile currently allows all connections as long as they
    originate from the WLAN. The IAS server event log shows no events until
    the successful authentication by user event, i.e., no errors or failed
    authentications by the computer account.

    In the group policy that pushes the wireless network settings to the
    client computer, I have set up the settings just like in this example
    image from TechNet:


    As far as I understand, the last two options should specifically allow
    me to use the wireless network before user logon, using the computer
    certificate I have on the client?

    Is there some further setting somewhere where I have to allow the
    computer to authenticate to the wlan before the user logs in?
    Ilkka Lindblom, Feb 23, 2006