EAP-TLS authentication with Intel PROSet utility on Centrino laptop.

Discussion in 'Wireless Internet' started by freesailor, Oct 5, 2003.

  1. freesailor

    freesailor Guest

    I'm trying to authenticate my Acer 803LMi Centrino laptop on a
    wireless LAN, using 802.1x EAP-TLS with a computer (machine)
    certificate.

    The OS of the laptop is Windows XP Pro SP1, the authentication server
    is a Microsoft IAS on W2K.

    With MMC console I can see that the computer machine is into the
    certificate store, issued to my "xxx.domain.yyy" (computer name)
    laptop, with extended key usages "client authentication" and "server
    authentication".
    The certificate of the issuing CA is into the certificate store, too.
    The setting of wireless LAN from Windows seems to be OK (is the same
    that works with other non-Centrino laptops I've tested).

    I wasn't able to authenticate my laptop: the IAS refused the
    authentication from my "xxx.domain.yyy" client and near the wireless
    LAN icon in "Network Connections" I see a red question mark with
    "Validating Identity" status.

    So I've installed the Intel PROSet 7.1.0.0 utility and used it to
    manage the wifi LANs, instead of Windows.
    Then I've noticed that in 802.1x settings of TLS, the Intel PROSet
    utility shows all the trusted CA but shows NO CLIENT CERTIFICATE!
    So I can't select the certificate, leaving a blank "choice".
    I suspect that for some reasons the client certificate is not
    available to wireless connection and so the authentication obviously
    fails.

    Anyone can help me?
    Anyone is using EAP-TLS authentication with Centrino laptops (with
    integrated Intel PRO/Wireless 2100 adapter) and can tell me if a
    client (machine) certificate has to be shown in client certificates
    list of PROSet utility?
    Or if there are known problems with EAP-TLS on Centrino wireless
    connections?

    Thanks in advance.

    freesailor
     
    freesailor, Oct 5, 2003
    #1
    1. Advertisements

  2. freesailor

    freesailor Guest

    Well, it seems I've found what the problem is: I've *uninstalled* the
    Intel PROSet utility and now I can authenticate on the wireless LAN
    with EAP-TLS (using a machine certificate for my computer).
    It seems it's not enough to deactivate the utility giving control to
    Windows XP (you have the option, both at PROSet startup and on
    wireless LAN Properties in Windows): you have to *remove* the utility
    from the system.
    Maybe is a bug on EAP-TLS certificate management in PROSet utility
    coupled with an intrusive behaviour of the utility.

    Any ideas or info on the subject is welcomed: PROSet is nice, it's a
    pity if you can't use it with EAP-TLS ...

    freesailor
     
    freesailor, Oct 7, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.