Solved

802.1x Machine pre-authentication

Posted on 2010-11-15
4
1,240 Views
Last Modified: 2012-05-10
I'm currently working on a testbed for a deployment coming soon:

I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS)  Currently the NPS/AD/PKI/CA are all the same 2008r2 box.  The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection.  Has anyone worked with this before?  I'm getting an Error23 in my NPS log saying denied access to a user.  The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol.  I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
0
Comment
Question by:cplyon
  • 3
4 Comments
 
LVL 5

Expert Comment

by:RikeR
ID: 34140039
On Windows 7 go to the properties of the wireless network under manage wireless networks, select the security tab and hit the advanced settings button. Under verification method select user or machine authentication. For your test you can only select machine authentication.

On NPS you should configure the domain computers the same way as you did with the domain users.
0
 

Author Comment

by:cplyon
ID: 34140305
Actually I'm using vista as the supplicant os, as I said, I've tried all that including manually creating the connection and ensuring is set to machine authentication. I've also tried making the profile through gpo, and doing the manual export and editing the connection properties in xml to explicitly use machine auth. Over also ensured the nps connection properties match the connection request
0
 

Accepted Solution

by:
cplyon earned 0 total points
ID: 34150771
Turns out for some reason that either my server cert or machine cert was not being verified correctly, I created and deployed new certs and it worked fine
0
 

Author Closing Comment

by:cplyon
ID: 34182499
solved issue after banging head against wall
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now