Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

802.1x Machine pre-authentication

Posted on 2010-11-15
4
Medium Priority
?
1,259 Views
Last Modified: 2012-05-10
I'm currently working on a testbed for a deployment coming soon:

I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS)  Currently the NPS/AD/PKI/CA are all the same 2008r2 box.  The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection.  Has anyone worked with this before?  I'm getting an Error23 in my NPS log saying denied access to a user.  The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol.  I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!
0
Comment
Question by:cplyon
  • 3
4 Comments
 
LVL 5

Expert Comment

by:RikeR
ID: 34140039
On Windows 7 go to the properties of the wireless network under manage wireless networks, select the security tab and hit the advanced settings button. Under verification method select user or machine authentication. For your test you can only select machine authentication.

On NPS you should configure the domain computers the same way as you did with the domain users.
0
 

Author Comment

by:cplyon
ID: 34140305
Actually I'm using vista as the supplicant os, as I said, I've tried all that including manually creating the connection and ensuring is set to machine authentication. I've also tried making the profile through gpo, and doing the manual export and editing the connection properties in xml to explicitly use machine auth. Over also ensured the nps connection properties match the connection request
0
 

Accepted Solution

by:
cplyon earned 0 total points
ID: 34150771
Turns out for some reason that either my server cert or machine cert was not being verified correctly, I created and deployed new certs and it worked fine
0
 

Author Closing Comment

by:cplyon
ID: 34182499
solved issue after banging head against wall
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question