Solved

802.1x Machine pre-authentication

Posted on 2010-11-15
4
1,245 Views
Last Modified: 2012-05-10
I'm currently working on a testbed for a deployment coming soon:

I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS)  Currently the NPS/AD/PKI/CA are all the same 2008r2 box.  The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection.  Has anyone worked with this before?  I'm getting an Error23 in my NPS log saying denied access to a user.  The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol.  I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
0
Comment
Question by:cplyon
  • 3
4 Comments
 
LVL 5

Expert Comment

by:RikeR
ID: 34140039
On Windows 7 go to the properties of the wireless network under manage wireless networks, select the security tab and hit the advanced settings button. Under verification method select user or machine authentication. For your test you can only select machine authentication.

On NPS you should configure the domain computers the same way as you did with the domain users.
0
 

Author Comment

by:cplyon
ID: 34140305
Actually I'm using vista as the supplicant os, as I said, I've tried all that including manually creating the connection and ensuring is set to machine authentication. I've also tried making the profile through gpo, and doing the manual export and editing the connection properties in xml to explicitly use machine auth. Over also ensured the nps connection properties match the connection request
0
 

Accepted Solution

by:
cplyon earned 0 total points
ID: 34150771
Turns out for some reason that either my server cert or machine cert was not being verified correctly, I created and deployed new certs and it worked fine
0
 

Author Closing Comment

by:cplyon
ID: 34182499
solved issue after banging head against wall
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question