Windows 7, wired 802.1x, native EAP-TLS w/o AD, NPS
Selahattin Cilek
selahattin_cilek at hotmail.com
Mon Apr 10 11:57:35 CEST 2017
On 10.04.2017 11:46, Timo Buhrmester wrote:
> Hello list,
>
> I'm trying to implement 802.1x/EAP-TLS on a wired network.
> Getting that to work on Linux clients was reasonably straightforward
> using wpa_supplicant (and freeradius as the back-end).
>
> However, we also have Windows (7) clients on the network, and I'm
> having issues setting that up. It is my understanding that
> a) EAP-TLS is mandatory for systems that claim to support 802.1x
> b) Windows claims to support 802.1x.
>
> Unfortunately, every resource I could find either assumes there's
> an Active Directory infrastructure (which, fortunately, we don't
> use here) and other shady things involved (NPS -- seems to be
> sort of an ersatz-radius), OR talks about wireless, OR refers
> to other versions of Windows, OR ... None seems to describe the
> combination Windows 7, native supplicant, freeradius, no AD/NPS.
>
> So my question, although not directly freeradius-related, is:
> Does anyone have experience setting up EAP-TLS on a wired network
> on Windows 7 clients? Is AD strictly required? If so, I wonder
> how Windows could get away claiming to support 802.1x.
>
> I.e.: Does anybody know whether this is possible *at all*?
Of course it is. The problem is that Windows 7 does not support EAP-TTLS
natively. First, you will have to enable and start the Windows service
called "Wired AutoConfig." Then, you will have to install 3rd party
software, most notably SecureW2. After that, you will have to configure
*both* the interface *and* SecureW2. It is pretty straightforward.
Please see:
https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Wired_Authentication_on_a_Windows_7_Client
I've done it with success on many Windows 7 systems.
>
> I'm already considering trying 3rd party supplicants, but I'd much
> rather go with the native one.
>
> Thanks,
> Timo
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cheers,
Selahattin ÇİLEK
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list