Windows 7, wired 802.1x, native EAP-TLS w/o AD, NPS

Timo Buhrmester timo.buhrmester at
Mon Apr 10 13:23:19 CEST 2017

Thanks for your replies.

> Basically, follow all those fine instructions for wireless, and do them
> on the wired interface instead.
The thing is, all those fine instructions seem to start with
going via dialogs that are specifically about to wireless networks.

It's not like there's some configuration which I could simply s/wlan0/eth0/g.

E.g. "Connect to a network", "Manage wireless networks", "Add a wireless
network", etc.  Some of those aren't even visible unless the machine
in question has a WiFi Adapter.

I've looked at:
Garbage, also assumes NPS
Seems to deal with the server-side only, assumes NPS and AD
There's no "Manage wireless networks" without WiFi Hardware present.
Adding some, it asks for things like SSID, which doesn't exist on
wired networks.
Windows XP

..and a ton of other resources.

What *seems* to come closest, is to enable 802.1x authentication (possible
on the wired interface if the Wired Autoconfig service is running),
selecting "Microsoft SmardCard or other certificate" (which I assume is
a code for EAP-TLS since the only other option is PEAP -- or is the Windows-
way to do PEAP/EAP-TLS?), but the machine never reacts to the
"Request Identity" packet (even though it does transmit an EAPOL Start").

Occasionally it will inform me that "A certificate is required to connect
to this network", but that's about it.  Needless to point out, the
aproporiate CA and client certificates are imported into the Windows
certificate store.  Oddly enough, the machine realizes that a certificate is
needed without anything hitting the RADUIS server.

What a giant clusterf*ck.

If you do have a resource that actually does map to wired networks even
though written for wireless, please share.


More information about the Freeradius-Users mailing list