Windows 7, wired 802.1x, native EAP-TLS w/o AD, NPS
stefan.winter at restena.lu
Mon Apr 10 13:31:34 CEST 2017
> What *seems* to come closest, is to enable 802.1x authentication (possible
> on the wired interface if the Wired Autoconfig service is running),
> selecting "Microsoft SmardCard or other certificate" (which I assume is
> a code for EAP-TLS since the only other option is PEAP -- or is the Windows-
> way to do PEAP/EAP-TLS?),
That's right. "Other certificate" is what you need.
> but the machine never reacts to the
> "Request Identity" packet (even though it does transmit an EAPOL Start").
> Occasionally it will inform me that "A certificate is required to connect
> to this network", but that's about it. Needless to point out, the
> aproporiate CA and client certificates are imported into the Windows
> certificate store. Oddly enough, the machine realizes that a certificate is
> needed without anything hitting the RADUIS server.
> What a giant clusterf*ck.
Many people do what you try to do without issues. If it doesn't work,
the problem is most likely on your own end. You shouldn't give yourself
names like that.
> If you do have a resource that actually does map to wired networks even
> though written for wireless, please share.
Random searches on DuckDuckGo quickly turned up this:
(did you for example check that it's "user authentication", not machine
This is for PEAP obviously, but the difference between PEAP and TLS is
that it's a different drop-down entry in one of the screenshots.
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users