802.1x EAP-TLS wireless networking - connect before logon

Discussion in 'Wireless Networking' started by Dr Zoidberg, Nov 1, 2005.

  1. Dr Zoidberg

    Dr Zoidberg Guest

    Hi there.
    I've set up a test lab using a windows XP SP2 laptop with built in W-LAN
    card using EAP-TLS authentication and WPA encryption to connect to a Cisco
    access point.
    The authentication is done using a Windows 2000 server using IAS and running
    as a certificate authority.

    It's working happily with users requesting a certificate from the CA via the
    web interface and they can then connect after they have logged onto the
    laptop (using cached credentials as there is no connection to the network
    yet).

    Can anyone point me in the direction of a guide to getting it authenticating
    the client PC (again via certificate) rather than the user and establishing
    the wireless connection before the user has logged on so that logon scripts
    etc will run reliably

    Thanks

    --
    Alex

    Hermes: "We can't afford that! Especially not Zoidberg!"
    Zoidberg: "They took away my credit cards!"

    www.drzoidberg.co.uk www.ebayfaq.co.uk
     
    Dr Zoidberg, Nov 1, 2005
    #1
    1. Advertisements

  2. To logon to the IAS before user logon the laptop must have a certificate
    validating the computer account as well as the user account.

    Look into the IAS logs to see any messages relating to failed computer
    authentication.

    Also, you should use the zero configuration service of XP to manage the
    wlan card...

    At our office, we do this successfully (almost the same setup as yours:
    XPSP2 laptops (centrino) logging on to a network of cisco ap's using an
    IAS server for 802.1x authentication...).
     
    Martin Bodenstedt, Nov 2, 2005
    #2
    1. Advertisements

  3. Dr Zoidberg

    Dr Zoidberg Guest

    Yep , got it working last thing yesterday using group policy to
    automatically generate certificates.

    Thanks

    --
    Alex

    Hermes: "We can't afford that! Especially not Zoidberg!"
    Zoidberg: "They took away my credit cards!"

    www.drzoidberg.co.uk www.ebayfaq.co.uk
     
    Dr Zoidberg, Nov 2, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.