Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

802.1x Machine pre-authentication

Posted on 2010-11-15
4
Medium Priority
?
1,252 Views
Last Modified: 2012-05-10
I'm currently working on a testbed for a deployment coming soon:

I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS)  Currently the NPS/AD/PKI/CA are all the same 2008r2 box.  The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection.  Has anyone worked with this before?  I'm getting an Error23 in my NPS log saying denied access to a user.  The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol.  I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
0
Comment
Question by:cplyon
  • 3
4 Comments
 
LVL 5

Expert Comment

by:RikeR
ID: 34140039
On Windows 7 go to the properties of the wireless network under manage wireless networks, select the security tab and hit the advanced settings button. Under verification method select user or machine authentication. For your test you can only select machine authentication.

On NPS you should configure the domain computers the same way as you did with the domain users.
0
 

Author Comment

by:cplyon
ID: 34140305
Actually I'm using vista as the supplicant os, as I said, I've tried all that including manually creating the connection and ensuring is set to machine authentication. I've also tried making the profile through gpo, and doing the manual export and editing the connection properties in xml to explicitly use machine auth. Over also ensured the nps connection properties match the connection request
0
 

Accepted Solution

by:
cplyon earned 0 total points
ID: 34150771
Turns out for some reason that either my server cert or machine cert was not being verified correctly, I created and deployed new certs and it worked fine
0
 

Author Closing Comment

by:cplyon
ID: 34182499
solved issue after banging head against wall
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question