I am trying to get a lap top to authenticate against Active directory using a computer account,
I have configured an 1131 Cisco Ap to use a windows 2003 radius server that has IAS set up on it. It in turn authenticates AD that is on a domain controller.
I have mangaged to get it working on user ccounts but, I wanted to get it working on computer accounts. I am using WPA and TKIP & PEAP
To Cater for the compuetr account I have configured the following
Export "Brighthouse CA" certificate from AD Trusted Root Cert Authority
Create new OU, called "Radius Test"
Create new group, called "Radius_Test"
Add laptop "BRIGHTHO-CD1557" to new group
Create new GPO, called "Radius Test GPO"
Configure new GPO as below;
Computer Configuration / Admin Templates / Network / click on Network Connections / IEEE 802.1x Certficate Authority for Machine Authentication - enable and add Certificate Authority Hash
Computer Configuration / Windows Settings / Security Settings / Wireless Network (IEEE 802.11) Policies - create a new Wireless Network Policy and configure as below
Networks to access - Access point networks only
Add preferred network - BLLN (SSID)
WPA-PSK / TKIP
EAP Type - Protected EAP (PEAP)
Computer Authentication - Computer Only
Assign GPO to new OU
RADIUS config - configure RADIUS in IAS as per RIFLOR IAS config. Straight forward with only a couple of items to configure
Test wireless / RADIUS access using laptop specified in AD group
also I have
pasted the thumbprint/hash of the certificate authority used for 802.1x authentication in Certificate Authority Hash. I obtained the thumbprint from Thumbprint field on the Details tab from the properties of a certificate in the Certificates snap-in.
Any one have any ideas that help it would be much apprecitaed
Wireless computer account authentication project
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users