What you're looking into is EAP-TLS authentication. I think I know the pieces that need to be in place, but I have never deployed this type of network, just worked within it to troubleshoot issues. Windows Server 2012 needs to be a CA, but also must have a PKI infrastructure deployed with group policy that tells domain clients to request personal certificates. When the domain machine is deployed it will contact the Server CA and request a personal certificate signed by that Certificate Authority. Group Policy must also then configure the machine for 802.1x with Microsoft Smart Card/Certificate. Also, GP should push the root CA certificate to the client. You may also want to configure RADIUS certificate validation settings through group policy as well. The way this authentication should work is when the machine is plugged into an 802.1x capable port it will negotiate identity and authentication method information. After which NPS should send its RADIUS certificate down to the client for validation. The client must have the root CA that signed the RADIUS certificate in order to validate the certificate.
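A client-side check of the two certificate pieces described above (a machine certificate usable for client authentication, and the root CA in the machine's trusted root store), as an added example that is not part of the original post. It assumes the same enterprise CA issues both the client certificates and the NPS RADIUS certificate; the function name `Test-ClientAuthEku` is hypothetical.

```powershell
# Added example: EAP-TLS pre-checks on a domain-joined client.
# Run in an elevated PowerShell session on the client.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

# Hypothetical helper: true when the certificate carries the Client Authentication EKU.
function Test-ClientAuthEku($cert) {
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $false }
    return ($eku.EnhancedKeyUsages.Value -contains $clientAuthOid)
}

# 1. Machine certificates that are currently valid, have a private key,
#    and are allowed to be used for client authentication.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    (Test-ClientAuthEku $_)
})

if ($candidates.Count -eq 0) {
    Write-Warning 'No usable machine certificate found; check certificate autoenrollment policy.'
}

# 2. For each candidate, build the chain and confirm the top of the chain
#    is present in the machine Trusted Root store (the root CA pushed by GP).
foreach ($cert in $candidates) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)  # machine context
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: CRL may be unreachable before 802.1X succeeds
    $builds = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        Expires            = $cert.NotAfter
        ChainBuilds        = $builds
        ChainTop           = $top.Subject
        RootInMachineStore = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        ChainStatus        = ($chain.ChainStatus.Status -join ', ')
    }
}
```

A row with `ChainBuilds` or `RootInMachineStore` false points at the root CA distribution step; an empty result points at certificate enrollment.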