Discussion:
HP ProCurve 2626 - port-based access IAS EAP-TLS doesn't work
Benny Huyghe
2008-04-23 11:50:01 UTC
I think the problem is already with the configuration of the switch:
configuration of switch:
radius-server host 10.0.0.10 key xxxxxxxxxxx
aaa authentication port-access eap-radius
Am I missing something? I suppose this command should prevent a non-domain
laptop getting an IP address.
James McIllece [MS]
2008-04-23 17:05:20 UTC
Post by Benny Huyghe
radius-server host 10.0.0.10 key xxxxxxxxxxx
aaa authentication port-access eap-radius
Am I missing something? I suppose this command should prevent a
non-domain laptop getting an IP address.
It depends on how you deploy EAP-TLS -- are you using computer certs or
user certs? What is the method you used to deploy certificates --
autoenrollment, smart card, etc...?
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Benny Huyghe
2008-04-24 07:04:01 UTC
I would like to use computer certs only; at this moment I activated user &
computer certs.
The goal is to implement autoenrollment; for the moment I installed the
certificate with the web browser on the client.
I would like to implement a solution that causes the least overhead, but the
ProCurve only supports EAP-TLS & CHAP MD5.

Thank you.
James McIllece [MS]
2008-04-24 20:53:42 UTC
The first thing is to make sure the client and user certificates are
properly configured. To configure the certs, you must open Certificate
Templates, make a copy of the cert you want to use, and then configure the
cert according to the minimum computer certificate requirements section in
"Network access authentication and certificates" in Windows Server 2003 IAS
or VPN Help, or on the web at
http://technet2.microsoft.com/windowsserver/en/library/9d8b61c9-a870-4627-a8f2-148625fd7fba1033.mspx
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
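
A way to audit the computer certificates on a client before testing 802.1X against IAS, as an added example that is not part of the original posts. The four checks (Client Authentication EKU, computer FQDN in the Subject Alternative Name, private key present, chain builds to a trusted root) are an assumed summary of the commonly documented EAP-TLS client certificate requirements; the thread itself does not list them.

```powershell
# Added example: report how each certificate in the local computer store
# measures up to the assumed EAP-TLS client requirements named in the lead-in.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension

# FQDN the certificate is expected to carry (domain-joined computer assumed).
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # The EKU extension must list Client Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasClientAuth = $false
    if ($eku) {
        $hasClientAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $clientAuthOid }).Count -gt 0
    }

    # For a computer certificate the SAN should contain the computer's FQDN.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanHasFqdn = $false
    if ($san) {
        $sanHasFqdn = $san.Format($false) -match [regex]::Escape($fqdn)
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        ClientAuthEku = $hasClientAuth
        SanHasFqdn    = $sanHasFqdn
        HasPrivateKey = $cert.HasPrivateKey
        ChainValid    = $cert.Verify()   # default policy; may attempt a revocation check
        Expires       = $cert.NotAfter
    }
} | Format-Table -AutoSize
```

A certificate that shows False in any of the boolean columns is a candidate for re-issuing from a corrected template copy before looking further at the switch or IAS policy.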