On Thu, Jan 28, 2021 at 5:31 PM Alan DeKok <aland@deployingradius.com> wrote:
On Jan 28, 2021, at 11:21 AM, Vieri Di Paola <vieridipaola@gmail.com> wrote:
That's the bit that puzzles me. I want to allow the client device to authenticate at boot time regardless of the user.
You didn't say that.
I'll try to import the certificate in the administrator's account on that device and see if the Windows 10 system authenticates before the user logon screen shows up.
In the end, this is all Windows magic. If you figure it out, I suggest updating the Wiki with some information. I don't run Windows, so I can't really offer much useful advice here.
Hi again, Lucky you... I found the time to resume my configuration and found out that importing the pem client certificate into the Windows "computer account" store does not work as I expect it to (see first post). However, importing the p12 certificate works perfectly. I'll have to tailor the Makefile as required. BTW why does the Makefile copy client.pem to USER_NAME.pem but doesn't do the same for p12 et al.? I know it's just there for convenience, but I'm wondering if it's for a specific design purpose. Maybe it's because the pem format works fine on non-Windoze clients. Thanks, Vieri