|
|
Focus on Microsoft
IEEE 802.1x & EAP-TLS design based on Windows 2000 Server Aug 08 2005 08:16PM Rodrigo Blanco (rodrigo blanco r gmail com) (2 replies) Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server Aug 08 2005 10:33PM Rasmus Rønlev (rr it cbs dk) |
|
Privacy Statement |
> still configure some auto-enrollment based on the users' AD logon? If
> not, what is the best option in order to minimize administrative
> effort?
No. AFAIK, Only Enterprise CA can be used for auto-enrollment. You can choose PEAP MSCHAPv2 for client authentication instead. In this case you don't need to manage client-side certificates and revocation.
If you need to use client certificates - create new Enterprise Subordinate CA for issue client certificates.
> - Since MS Certificate Services are in standalone mode, is it possible
> to have the IAS server map certificates to AD users
You can bind user-to-certificate manually in AD, but I think this is not best solution.
> If you could point me to any paper or step-by-step guide that can
http://www.altavista.com/web/results?itag=ody&q=site%3Amicrosoft.com+802
.1x+step-by-step&kgs=0&kls=0 ????
PS. You want to use client certificates, where you will store it? In local profile, or on smartcard?
Will you authenticate computer or user or both?
(c)oded by offtopic (at) mail (dot) ru [email concealed]
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]