Discussion:
Client side default authentication settings
(too old to reply)
Elliot Ronen
2008-03-25 15:50:32 UTC
Permalink
I'm having a tiny (but jarring) issue preventing me from rolling out
my wireless RADIUS setup. The infrastructure works and it
authenticates fine; unfortunately, when a new user connects to the
secure network for the first time, it comes up with the "Cannot find a
valid certificate" error. If you then open up the wireless network
(under Wireless Network Connection Properties: Preferred Network: and
click properties on the secure network), the EAP type in the
Authentication tab defaults to "Smart Card or other Certificate." If
you change the EAP type to Protected EAP (PEAP) and hit ok, the
computer connects, authenticates and it works just fine.

How do I make the network default to PEAP in that menu? I've looked
high and low for a place in IAS and Group Policy where it might be set
to Smart Card or other Certificate, but I've come up with nothing. Is
there a Group Policy object I can deploy to change that default, or is
it a setting in IAS?
S. Pidgorny <MVP>
2008-03-28 07:24:15 UTC
Permalink
Sure you can configure the authentication option in the wireless group
policy. See, for instance,
http://technet.microsoft.com/en-us/magazine/cc162468.aspx
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Elliot Ronen
I'm having a tiny (but jarring) issue preventing me from rolling out
my wireless RADIUS setup. The infrastructure works and it
authenticates fine; unfortunately, when a new user connects to the
secure network for the first time, it comes up with the "Cannot find a
valid certificate" error. If you then open up the wireless network
(under Wireless Network Connection Properties: Preferred Network: and
click properties on the secure network), the EAP type in the
Authentication tab defaults to "Smart Card or other Certificate." If
you change the EAP type to Protected EAP (PEAP) and hit ok, the
computer connects, authenticates and it works just fine.
How do I make the network default to PEAP in that menu? I've looked
high and low for a place in IAS and Group Policy where it might be set
to Smart Card or other Certificate, but I've come up with nothing. Is
there a Group Policy object I can deploy to change that default, or is
it a setting in IAS?
Elliot Ronen
2008-03-28 14:35:45 UTC
Permalink
Thanks for the reply. Of course the piece of information I left out is
that all end users are running WinXP Pro.

Regardless, I've tried distributing the network information via Group
Policy before (and I just tried it again, created new policy from
scratch, set it up, assigned to computer instead of user, gpupdate /
force on the client) but still no luck. Whenever trying to connect for
the first time, it still defaults to Smart Card or other Certificate.

Any other suggestions, or information I can provide?
Post by S. Pidgorny <MVP>
Sure you can configure the authentication option in the wireless group
policy. See, for instance,http://technet.microsoft.com/en-us/magazine/cc162468.aspx
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
*http://sl.mvps.org*http://msmvps.com/blogs/sp*
Post by Elliot Ronen
I'm having a tiny (but jarring) issue preventing me from rolling out
my wireless RADIUS setup. The infrastructure works and it
authenticates fine; unfortunately, when a new user connects to the
secure network for the first time, it comes up with the "Cannot find a
valid certificate" error. If you then open up the wireless network
(under Wireless Network Connection Properties: Preferred Network: and
click properties on the secure network), the EAP type in the
Authentication tab defaults to "Smart Card or other Certificate." If
you change the EAP type to Protected EAP (PEAP) and hit ok, the
computer connects, authenticates and it works just fine.
How do I make the network default to PEAP in that menu? I've looked
high and low for a place in IAS and Group Policy where it might be set
to Smart Card or other Certificate, but I've come up with nothing. Is
there a Group Policy object I can deploy to change that default, or is
it a setting in IAS?
Prashant Siemens
2008-04-18 12:11:34 UTC
Permalink
Post by Elliot Ronen
I'm having a tiny (but jarring) issue preventing me from rolling out
my wireless RADIUS setup. The infrastructure works and it
authenticates fine; unfortunately, when a new user connects to the
secure network for the first time, it comes up with the "Cannot find a
valid certificate" error. If you then open up the wireless network
(under Wireless Network Connection Properties: Preferred Network: and
click properties on the secure network), the EAP type in the
Authentication tab defaults to "Smart Card or other Certificate." If
you change the EAP type to Protected EAP (PEAP) and hit ok, the
computer connects, authenticates and it works just fine.
How do I make the network default to PEAP in that menu? I've looked
high and low for a place in IAS and Group Policy where it might be set
to Smart Card or other Certificate, but I've come up with nothing. Is
there a Group Policy object I can deploy to change that default, or is
it a setting in IAS?
Hi,

When we are talking abt the security then yes we need to set the
security at the both th end.
So As you have define one policy for the RADIUS same way you need to
setup the policy for the client laptop as well, becaiuse the new users
laptop don't know what policy you have set & so manually you need to
set that to PEAP

If you can prepare any batch/program file to do so that will be better
OR else always this will be the procedure.

Loading...