Solved

802.1x Machine pre-authentication

Posted on 2010-11-15
4
1,246 Views
Last Modified: 2012-05-10
I'm currently working on a testbed for a deployment coming soon:

I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS)  Currently the NPS/AD/PKI/CA are all the same 2008r2 box.  The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection.  Has anyone worked with this before?  I'm getting an Error23 in my NPS log saying denied access to a user.  The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol.  I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
0
Comment
Question by:cplyon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 5

Expert Comment

by:RikeR
ID: 34140039
On Windows 7 go to the properties of the wireless network under manage wireless networks, select the security tab and hit the advanced settings button. Under verification method select user or machine authentication. For your test you can only select machine authentication.

On NPS you should configure the domain computers the same way as you did with the domain users.
0
 

Author Comment

by:cplyon
ID: 34140305
Actually I'm using vista as the supplicant os, as I said, I've tried all that including manually creating the connection and ensuring is set to machine authentication. I've also tried making the profile through gpo, and doing the manual export and editing the connection properties in xml to explicitly use machine auth. Over also ensured the nps connection properties match the connection request
0
 

Accepted Solution

by:
cplyon earned 0 total points
ID: 34150771
Turns out for some reason that either my server cert or machine cert was not being verified correctly, I created and deployed new certs and it worked fine
0
 

Author Closing Comment

by:cplyon
ID: 34182499
solved issue after banging head against wall
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question