On Thu, Jan 28, 2021 at 2:33 PM Alan DeKok <aland@deployingradius.com> wrote:
The Windows 10 client has imported both the CA in trusted roots and the client certificate in the "local computer" store. I chose the common name "PC2036" (see below).
That might work... it depends. Windows has a few certificate stores. If you put the certs into the wrong one, then EAP-TLS won't work.
The wireless connection is set up with a "smart card or other certificate" (computer account).
I'm not sure that will work. You're better off using a user account, and putting the certs into the local cert store for the *user*.
That's the bit that puzzles me. I want to allow the client device to authenticate at boot time regardless of the user. I'll try to import the certificate in the administrator's account on that device and see if the Windows 10 system authenticates before the user logon screen shows up. Thanks,, Vieri