Does a EAP-based VPN require "Active Directory"?

Hello all,

we setup a "Microsoft Windows 2003 Server ENT". It is a single machine,
without active directory and it isn't a domain member.
We installed a CA using certification services and IIS for web enrollment.

A VPN client will connect to this server, using a PPTP connection and
request a certificate browsing http://servername/certsrv.
We accept these request on serverside using ca-snapin and install this
certificate. We also installed the ROOT-CA cert on client machine.

Now, we changed the VPN connection from PPTP to LT2P and to EAP. But now,
everyclient tells me: "Error 798: A certificate could not be found that can
be used with this Extensible Authentication Protocol."

This leads me to the question, because in my opinion everything is okay (the
request certificate on client side will be listed in the own-computer
certs...), that a EAP-based VPN requires "Active Directory"... am I right or
can you help me out?

Regards,

"Thomas D." wrote:
> This leads me to the question, because in my opinion everything is okay (the
> request certificate on client side will be listed in the own-computer
> certs...), that a EAP-based VPN requires "Active Directory"... am I right or
> can you help me out?

I was right. An EAP-based VPN requires an "Active Directory". Without, you
cannot create computer certs and without these certs, you cannot create user
certs for EAP