G
Guest
Guest
Archived from groups: microsoft.public.windows.networking.wireless (More info?)
I am setting up EAP-TLS authentication, using certificates automatically
issued by our CA. The WXPSP2 machine is authenticating just fine....but when
I come to authenticate the user I get strange results.
CA is a Windows 2003 Enterprise Server and issues PKI certificates to users
and machines as required.
AP is Cisco 1200 configured for EAP-TLS and pointing to the Win2ks IAS
(radius) server.
Radius is working fine, however when I log into the XPSP2 computer as
*usera* after the box has tried to authenticate for a while I get a message
'Windows was unable to find a certificate to log you on to the network XYZ'.
*but*
if I look in the certificate mmc there *IS* a certificate for this user
installed (it was created by auto-enroll), it's valid and is for Client
authentification,EFS and email.
So why cant WXP see the certificate and use it?
If I log on as *userb* who also has a certificate in their store...it all
wokrs fine!
Needless to say both users are in the same OU in AD and in the same user
groups to ensure they get the same GPOs applied.
Any ideas?
Al Blake, Canberra, Australia
I am setting up EAP-TLS authentication, using certificates automatically
issued by our CA. The WXPSP2 machine is authenticating just fine....but when
I come to authenticate the user I get strange results.
CA is a Windows 2003 Enterprise Server and issues PKI certificates to users
and machines as required.
AP is Cisco 1200 configured for EAP-TLS and pointing to the Win2ks IAS
(radius) server.
Radius is working fine, however when I log into the XPSP2 computer as
*usera* after the box has tried to authenticate for a while I get a message
'Windows was unable to find a certificate to log you on to the network XYZ'.
*but*
if I look in the certificate mmc there *IS* a certificate for this user
installed (it was created by auto-enroll), it's valid and is for Client
authentification,EFS and email.
So why cant WXP see the certificate and use it?
If I log on as *userb* who also has a certificate in their store...it all
wokrs fine!
Needless to say both users are in the same OU in AD and in the same user
groups to ensure they get the same GPOs applied.
Any ideas?
Al Blake, Canberra, Australia