Windows XP supplicant limitation ?
Jérémy Cluzel
j.cluzel at online.fr
Mon Sep 5 11:55:33 CEST 2005
Hi,
>/ /Hi,
>/ /
>/ />/ //- user auth after the doain controler has accepted logon.
/>/ />/ Does anybody know if the windows XP supplicant is able to do this ?
/>/ />/ Do I need a better supplicant ? aegis? secureW2? Funk Odissey ?
/
>/ /i believe it wont do anything useful or multifunctional like
>/ /you require. a good option would be to use the supplicant
>/ /so authenticate the system, then use something like pGina
>/ /to do the user authentication - that can then authenticate
>/ /the user against a RADIUS server
>/ /
>/ /pgina - http://pgina.xpasystems.com/info/
>/ /
>/ /
>/ /alan
In fact, XP supplicant seems to allow only one auth method (EAP-TLS or PEAP).
If I use TLS machine auth will be OK, so I can log on my domain and get my roaming profile.
But If want to keep my network connection, I have to use a user cert too or do the registry hack (AuthMode set to 2).
If I choose to use PEAP, computer auth, as far as I understood, will never work, so I won't be able to log on my domain...
A solution may be a supplicant which first tries to make a network connection (using username/password), and then, if it succeeds, tries to authenticate user against the domain.
I don't see how pgina will help me... sorry.
Regards,
Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050905/1acde911/attachment.html>
More information about the Freeradius-Users
mailing list