Re: inquiry

[Artur Hecker]

i can't give you the final detail for this answer but the principle is 
the following: windows can login either as computer or as a user. that 
depends on where you put the client certificates in the xp repository. 
being admin you can verify this with mmc. the certificates should be 
computer certificates. in the 802.1X authentication tab you can also 
check the box "authenticate as computer".

if i understand this correctly, this will make windows authenticate and 
establish the wireless link even without a user logon i.e. before 
ctrl-alt-del. that's what you want.

ciao
artur
arniel wrote:

Hi Guys,
 
Just want to ask something regarding user authentication of freeradius. 
I am implementing wireless EAP-TLS, with CISCO Aironet 350, my 
certificates are generated from my LINUX BOX. So I am getting the 
cer-clt.p12 and root.der and install it to my clients PC. We also have a 
Microsoft 2000 domain controller and at the same time DHCP server, my 
problem right now is that my XP workstation and MS 2000 Pro cant logon 
to the domain. As what I understood, upon PC boot up you have to press 
cntrl-alt-del and choose either to logon to a domain or this 
computer.... At this point, the PC is not yet certified to access the 
network because the re-certification will take place after you 
logon.  If choosing domain, my workstation cant logon but if choosing 
this computer its OK only I can  not run a script to MAP to the domain 
server. And if I am going to access the server from Network Places its 
going to ask me the domain username and password which is expected coz I 
did not logon to the domain in the first place. How can I configure the 
freeradius to authenticate first before the ctrl-alt-del window comes up.
 
How can I configure my radius.conf or my radius in such a way that it is 
going to ask the user to input the password from the Linux radius first 
and after successful verification its going to ask the domain password. 
For sure in this way we can now logon to the domain. The typical boot up 
procedure for windows 2000 PRO and XP is that you have to click or press 
ctrl-alt-del to logon and you can either choose this computer or a 
certain domain and after it its going to check the certificate. Can we 
reverse the process? Can we verify the certificate first before domain 
logon option? Please help.......
 
 
Has anyone have tried Freeradius EAP-TLS with Microsoft Domain logon 
integrated?
 
 
Thank you...
 
 
Arniel


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html