802.1x in Windows
ms at sys4.de
Tue Sep 6 11:55:27 CEST 2016
Am Dienstag, 6. September 2016, 10:26:07 schrieben Sie:
> On Tue, Sep 06, 2016 at 09:03:14AM +0200, Michael Schwartzkopff wrote:
> > this might be a little bit off topic, but perhaps someone can help here.
> A little.
> > I want to set up 802.1x for windows systems. In windows 7 an higher, is it
> > possible to use certificates for the client authentication if no user is
> > logged in, but passwords for the user authentication?
> For Windows 7 at least, you can use
> "user authentication" which is either with certificates (EAP-TLS)
> or username/password (PEAP/MSCHAPv2).
> "machine authentication" which usually uses certificates
> (EAP-TLS), but I believe can auth with the username and password
> of the computer's AD account with MSCHAPv2.
> You can't use both at the same time (e.g. PEAP/MSCHAPv2 with the
> "machine" certificate sent as a client certificate in PEAP and the
> user's password sent in the MSCHAPv2 part) because Windows won't
> let you send a client certificate as part of PEAP, even though
> it's technically allowed. EAP-TLS is certificate only.
> There is an option somewhere that lets you use "machine"
> authentication at boot time, and then to re-authenticate using the
> user's credentials when they log in to Windows, but I forget where
> it is now. This sounds like it's what you want.
Yes. Thats is what I was looking for. But it seems I have to set it up in my
lab to test it.
> FreeRADIUS can handle all of the above.
I know :-)
Mit freundlichen Grüßen,
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Schleißheimer Straße 26/MG, 80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 230 bytes
Desc: This is a digitally signed message part.
More information about the Freeradius-Users