802.1x Machine pre-authentication
Asked by cplyon
I'm currently working on a testbed for a deployment coming soon:
I've set up PEAP-TLS with user authentication via smartcards over Vista to a lightweight converted Cisco 1230 AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS). Currently the NPS/AD/PKI/CA are all the same 2008 R2 box. The problem comes when I change from user authentication to machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection. Has anyone worked with this before? I'm getting an Error 23 in my NPS log saying denied access to a user. The log also clarifies that an error occurred during the Network Protection Server use of the Extensible Authentication Protocol. I've tried negotiating the connection via smartcard/other certificate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
ASKER
Actually I'm using Vista as the supplicant OS; as I said, I've tried all that, including manually creating the connection and ensuring it is set to machine authentication. I've also tried making the profile through GPO, and doing the manual export and editing the connection properties in XML to explicitly use machine auth. I've also ensured the NPS connection properties match the connection request.
ASKER
Solved the issue after banging my head against the wall.

ASKER CERTIFIED SOLUTION
On NPS you should configure the domain computers the same way as you did with the domain users.
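The reject the asker describes (NPS reason code 23 against a machine identity) and the fix in the accepted solution (scope the network policy to domain computers as well as domain users) can both be checked from the NPS log itself. The script below is an added example, not code from the question or the answer: it parses the per-line `<Event>` records of the NPS DTS-compliant XML log format, keeps the Access-Rejects (Packet-Type 3), distinguishes machine identities (`host/<fqdn>` for EAP-TLS machine certificates, `DOMAIN\name$` for PEAP machine credentials) from user identities, and attaches a hint when a machine identity is rejected. The three log lines are constructed for the example, and the reason-code table covers only the handful of codes used here.

```python
"""Triage NPS RADIUS log events (DTS-compliant XML format) for 802.1X machine-auth rejects.

Added example: not code from the thread. Reads the one-<Event>-per-line records NPS
writes in DTS format, keeps the Access-Rejects, tells machine identities from user
identities and maps the NPS reason code to a defender-oriented hint.
"""
import xml.etree.ElementTree as ET

# Constructed sample log: three events in NPS DTS-compliant format (not taken from the question).
SAMPLE_NPS_LOG = """\
<Event><Timestamp data_type="4">01/15/2024 09:00:01.000</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><User-Name data_type="1">host/LAPTOP01.corp.example</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">23</Reason-Code><NP-Policy-Name data_type="1">Wireless-Users</NP-Policy-Name></Event>
<Event><Timestamp data_type="4">01/15/2024 09:00:05.000</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><User-Name data_type="1">CORP\\jdoe</User-Name><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code><NP-Policy-Name data_type="1">Wireless-Users</NP-Policy-Name></Event>
<Event><Timestamp data_type="4">01/15/2024 09:00:09.000</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><User-Name data_type="1">CORP\\LAPTOP02$</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">48</Reason-Code><NP-Policy-Name data_type="1"></NP-Policy-Name></Event>
"""

# RADIUS Packet-Type values as logged by NPS.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 4: "Accounting-Request"}

# Subset of NPS reason codes; 23 is the one quoted in the question.
REASON_CODES = {
    0: "Success",
    16: "Authentication failed: credentials did not match an account",
    23: "Error during NPS use of EAP (check the EAP / Security event log)",
    48: "Connection attempt did not match any network policy",
}


def parse_events(log_text):
    """Parse one DTS <Event> per line into a dict of element name -> text."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        root = ET.fromstring(line)
        events.append({child.tag: (child.text or "") for child in root})
    return events


def classify_identity(user_name):
    """Windows 802.1X machine auth presents host/<fqdn> or DOMAIN\\name$; anything else is a user."""
    if user_name.startswith("host/") or user_name.endswith("$"):
        return "machine"
    return "user"


def triage(events):
    """Return the Access-Rejects with identity kind, decoded reason and a policy hint."""
    findings = []
    for ev in events:
        if int(ev.get("Packet-Type", "0")) != 3:  # only Access-Reject
            continue
        code = int(ev.get("Reason-Code", "0"))
        identity = ev.get("User-Name", "")
        kind = classify_identity(identity)
        policy = ev.get("NP-Policy-Name", "") or "<no policy matched>"
        hint = ""
        # The cause resolved in the thread: a policy whose conditions only name user
        # groups rejects the computer account that authenticates before logon.
        if kind == "machine" and code in (23, 48):
            hint = ("Machine identity rejected: check that the network policy's conditions "
                    "include Domain Computers (or a computer group), not only user groups.")
        findings.append({
            "timestamp": ev.get("Timestamp", ""),
            "identity": identity,
            "kind": kind,
            "packet_type": PACKET_TYPES.get(3),
            "reason_code": code,
            "reason": REASON_CODES.get(code, "unknown reason code"),
            "policy": policy,
            "hint": hint,
        })
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_NPS_LOG)):
        print(f"{f['timestamp']}  {f['kind']:7}  {f['identity']:30}  "
              f"code {f['reason_code']:3}  policy={f['policy']}")
        if f["hint"]:
            print("    ->", f["hint"])
```

Run it against the real file (NPS writes DTS logs under `%SystemRoot%\System32\LogFiles` by default) by replacing `SAMPLE_NPS_LOG` with the file contents; a run of machine-identity rejects with no matched policy, or with reason code 23 while user rejects are absent, is the pattern behind the accepted answer.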