|
Home > Archive > Radius Server > December 2006 > Wired Authentication issues.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Wired Authentication issues.
|
|
|
| Hello,
I have set up Windows 2003 R2 Certificate Services along with IAS to enable
port authentication. I have used the "Securing Wireless LANs with
Certificate Services" Build guide and "Deployment of IEEE 802.1X for Wired
Networks Using Microsoft Windows" as guides to configure everything. The
client computers are Windows 2000 SP4 and Windows XP SP2.
I have configured a Version 1 Computer template and the client machines are
all getting their certificates. Once a machine has a certificate after the
first reboot the machine will authenticate with the port and allow access.
Upon subsequent reboots Windows come back with the error "Windows was unable
to find a certificate to log you on to the network." When I look in the
computers certificates the computer does in fact have a certificate. The
IAS server does not see an authentication request as the client does not
send one. The Wireless configuration services are running and the
authentication options for the network adapter are set to "Authenticate as
computer when computer information is available"
Any ideas?, Am I using the wrong certificate?
Thanks in Advance
Derek
| |
| James McIllece [MS] 2006-12-01, 7:22 pm |
| Hi Derek --
I am a little confused -- are you deploying 802.1X Ethernet (wired) or
802.1X wireless? Or maybe you are doing both. I ask because you mention
both a wireless and wired guide in your first paragraph below.
Which client (wired or wireless) are you having problems with?
Thanks for any additional information you can provide.
"Derek" <remove_dis_dawc21@hotmail.com> wrote in
news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl:
> Hello,
>
>
>
> I have set up Windows 2003 R2 Certificate Services along with IAS to
> enable port authentication. I have used the "Securing Wireless LANs
> with Certificate Services" Build guide and "Deployment of IEEE 802.1X
> for Wired Networks Using Microsoft Windows" as guides to configure
> everything. The client computers are Windows 2000 SP4 and Windows XP
> SP2.
>
>
>
> I have configured a Version 1 Computer template and the client
> machines are all getting their certificates. Once a machine has a
> certificate after the first reboot the machine will authenticate with
> the port and allow access. Upon subsequent reboots Windows come back
> with the error "Windows was unable to find a certificate to log you on
> to the network." When I look in the computers certificates the
> computer does in fact have a certificate. The IAS server does not see
> an authentication request as the client does not send one. The
> Wireless configuration services are running and the authentication
> options for the network adapter are set to "Authenticate as computer
> when computer information is available"
>
>
>
> Any ideas?, Am I using the wrong certificate?
>
>
>
> Thanks in Advance
>
>
>
> Derek
>
>
>
>
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| I am trying to get wired working first, then wireless. All I need at this
point is to get the wired clients to authenticate to the port. Once I have
that working then I will built a guest vlan for un-authenticated users.
"James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
news:Xns988C919EF406jamesmcionlinemicros
@207.46.248.16...
> Hi Derek --
>
> I am a little confused -- are you deploying 802.1X Ethernet (wired) or
> 802.1X wireless? Or maybe you are doing both. I ask because you mention
> both a wireless and wired guide in your first paragraph below.
>
> Which client (wired or wireless) are you having problems with?
>
> Thanks for any additional information you can provide.
>
> "Derek" <remove_dis_dawc21@hotmail.com> wrote in
> news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online
> account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
| |
|
| Also if I understand correctly it should not matter if the client is
wireless or wired as the certificate is the same. I want to do only
computer certificates not user.
"James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
news:Xns988C919EF406jamesmcionlinemicros
@207.46.248.16...
> Hi Derek --
>
> I am a little confused -- are you deploying 802.1X Ethernet (wired) or
> 802.1X wireless? Or maybe you are doing both. I ask because you mention
> both a wireless and wired guide in your first paragraph below.
>
> Which client (wired or wireless) are you having problems with?
>
> Thanks for any additional information you can provide.
>
> "Derek" <remove_dis_dawc21@hotmail.com> wrote in
> news:OiJowjWFHHA.1816@TK2MSFTNGP06.phx.gbl:
>
>
>
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online
> account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
| |
| James McIllece [MS] 2006-12-04, 7:23 pm |
| OK, so you need to verify that you have the CA cert in the Trusted Root
Certification Authorities certificate store on the client.
Also verify that the server cert is properly formed (if you can configure
it in a remote access policy in IAS it is probably OK) and that the client
certs are too.
You can find the minimum server and client cert requirements in the IAS
Help topic "Network access authentication and certificates."
"Derek" <remove_dis_dawc21@hotmail.com> wrote in
news:O0bLXIaFHHA.1188@TK2MSFTNGP06.phx.gbl:
> I am trying to get wired working first, then wireless. All I need at
> this point is to get the wired clients to authenticate to the port.
> Once I have that working then I will built a guest vlan for
> un-authenticated users. "James McIllece [MS]"
> <jamesmci@online.microsoft.com> wrote in message
> news:Xns988C919EF406jamesmcionlinemicros
@207.46.248.16...
>
>
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
|
|