I'm currently working on a testbed for a deployment coming soon:
I've set up peap-tls with user authentication via smartcards over vista to a lightweight converted Cisco1230AP to a WiSM to the Active Directory/CA (WiSM is being managed by WCS) Currently the NPS/AD/PKI/CA are all the same 2008r2 box. The problem comes when I change from user authentication to Machine authentication to allow new users to be able to log into the domain on the laptop via a wireless connection. Has anyone worked with this before? I'm getting an Error23 in my NPS log saying denied access to a user. The log also clarifies that an error occured during the Network Protection Server use of the Extensible Authentication Protocol. I've tried negotiating the connection via smartcard/other certificiate, EAP, PEAP, MSCHAPv2 etc... any help would be GREAT!