HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

Nik Alleyne nalleyne at brontecollege.ca
Thu Jul 16 18:59:30 CEST 2009


Hi Guys,
I think this is an excellent tutorial for what he is trying to achieve.
http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5
I've used this along with assistance from Ivan and have gotten everything I
wanted to work successfully.
Nik



Quoting Nicolas Boullis <nicolas.boullis at ecp.fr>:

> Hi,
>
> DISCLAIMER: I'm no Windows specialist.
>
> john wrote:
>>
>> I am having a hard time figuring out how to make this work. Where/how
>> does the cert get imported? Do I need to make a registry change in
>> KEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global
>> to make this work? I hope this is the part someone on the list will
>> have done before and be able to guide me or point me at a howto.
>
> I had a hard time with this as well, and finally succeeded, using
> Windows XP.
> There are many points that matter:
> * You have to edit your registry to add an "AuthMode" dword key in
>   KEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global
>   with value 2.
> * You have to load your certificate and private key in the computer's
>   personal store. I did that with mmc.exe. Note that loading the
>   certificate and private key in a user's personal store and then
>   moving them to the computer's store did not work for me.
> * Your certificate must have "X509v3 Extended Key Usage: TLS Web Client
>   Authentication" or Windows won't use it.
> * The username Windows will use is the name in the certificate with
>   "host/" prepended.
>
> Note that things are quite different with Windows Vista.
>
> Hope this helps,
>
> --
> Nicolas Boullis
> Ecole Centrale Paris



Nik
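
The certificate-related points in the quoted list (certificate and private key in the computer's personal store, the "TLS Web Client Authentication" extended key usage, and the "host/" username) can be checked on the workstation with the script below. It is an added example, not part of either poster's message. It assumes PowerShell is installed (it is not part of a default Windows XP install), that "the name in the certificate" means the subject common name, and `Test-MachineEapTlsCert` is a hypothetical helper name.

```powershell
# Added example: audit the computer's personal store (Cert:\LocalMachine\My)
# for certificates that meet the conditions listed in the quoted message.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of "TLS Web Client Authentication"

function Test-MachineEapTlsCert {      # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Collect the OIDs from the Extended Key Usage extension, if there is one.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Assumption: the "name in the certificate" is the subject common name.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn  = $Cert.GetNameInfo($nameType, $false)
    $now = Get-Date

    New-Object PSObject -Property @{
        Thumbprint       = $Cert.Thumbprint
        Subject          = $Cert.Subject
        # False means only the certificate was imported, without its key.
        HasPrivateKey    = $Cert.HasPrivateKey
        # False when the EKU extension is absent or lacks client authentication.
        HasClientAuthEku = ($ekuOids -contains $clientAuthOid)
        WithinValidity   = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        # Identity the RADIUS server should expect for machine authentication.
        ExpectedIdentity = "host/$cn"
    }
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineEapTlsCert -Cert $_ } |
    Format-List Subject, Thumbprint, HasPrivateKey, HasClientAuthEku,
                WithinValidity, ExpectedIdentity
```

A certificate that shows `False` for `HasPrivateKey` or `HasClientAuthEku` does not meet the conditions in the list, and `ExpectedIdentity` is the value to compare against the User-Name seen in the FreeRADIUS log.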


