All,
I'm currently deploying a wireless setup using 802.1X and WPA, having the
AP authenticate the clients through RADIUS (IAS) towards Active Directory.
I'm using PEAP-MSCHAP as authentication means, as opposed to EAP-TLS.
We have it all set up and working nicely, granting the users permissions to
access the WLAN by using group memberships in AD for each user that should
have access. Though, as it turns out, before any user logs on to the client,
the client tries to authenticate the computer (as opposed to the user).
This currently results in a huge amount of system logs on the DC/IAS computer,
as the client computers have not been granted these permissions yet.
This, the computer authentication process, is fairly well documented for the
EAP-TLS authentication means, though I have not seen a single line written
about it for PEAP-MSCHAP.
Is anyone aware of whether this process is identical to that of EAP-TLS?
That is, instead of using a computer certificate, the computer uses the
computer account in AD to authenticate the computer, and the user who logs on
to the computer has 60 seconds to re-authenticate using his user-level
permissions or network connectivity will be terminated? (Controlled through
the HKLM\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode registry
key.)
Regards
Kris