inquiry

[arniel]

Hi Guys,   Just want to ask something regarding user authentication of freeradius. I am implementing wireless EAP-TLS, with CISCO Aironet 350, my certificates are generated from my LINUX BOX. So I am getting the cer-clt.p12 and root.der and install it to my clients PC. We also have a Microsoft 2000 domain controller and at the same time DHCP server, my problem right now is that my XP workstation and MS 2000 Pro cant logon to the domain. As what I understood, upon PC boot up you have to press cntrl-alt-del and choose either to logon to a domain or this computer.... At this point, the PC is not yet certified to access the network because the re-certification will take place after you logon.  If choosing domain, my workstation cant logon but if choosing this computer its OK only I can  not run a script to MAP to the domain server. And if I am going to access the server from Network Places its going to ask me the domain username and password which is expected coz I did not logon to the domain in the first place. How can I configure the freeradius to authenticate first before the ctrl-alt-del window comes up.   How can I configure my radius.conf or my radius in such a way that it is going to ask the user to input the password from the Linux radius first and after successful verification its going to ask the domain password. For sure in this way we can now logon to the domain. The typical boot up procedure for windows 2000 PRO and XP is that you have to click or press ctrl-alt-del to logon and you can either choose this computer or a certain domain and after it its going to check the certificate. Can we reverse the process? Can we verify the certificate first before domain logon option? Please help.......     Has anyone have tried Freeradius EAP-TLS with Microsoft Domain logon integrated?     Thank you...     Arniel