HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

john lists.john at gmail.com
Wed Jul 15 19:08:09 CEST 2009


On Wed, Jul 15, 2009 at 1:52 AM, Ivan Kalik<tnt at kalik.net> wrote:
>> Can I create a client cert for a computer so that any user that logs
>> in may use it automatically under Windows XP? I have successfully
>> created a client.p12 with the FQDN of the workstation I am using,
>> installed it and been authenticated by Freeradius. However, when I log
>> in to the computer under a different Windows profile, authentication
>> fails.
>
> Yes, that's how user certificates work.
>
>> How should I create this file and where do I place this cert so that
>> it's available for any user logging on?
>
> The whole idea of user certificates is for this not to be possible.

Thanks for the reply Ivan,

So are the following correct?

(1) I can create a single cert for a computer and distribute it to all
users who may use that computer


(2) I can create a cert for every user and distribute it to every
computer that a user logs into.

(3) I cannot create a generic "computer cert" that authenticates the
computer and opens the port?

Thanks!

John


