J
James Bullock
Hi there,
My question is this: we have our wireless setup pretty much identical to the
description in this white paper:
http://download.microsoft.com/downl...5c168/StepSecureWirelessAcc.doc#_Toc100984847
We have a working, established PKI infrastructure and all Cisco 1100 ap's
globally. We are using microsoft IAS with both a user and computer RAP. both
of these appear to work fine and the network is firmly in production.
It seems to work very well on the whole, machines are connected whilst users
arent logged on so they receive gpo updates etc, when a user logs on they
authenticate fine, providing they have previously been on the computer whilst
it is connected to a wired network. If they havent been on the machine via a
wired connection before there first log on on that machine then the machine
does not have a local copy of their certificate, neither can it auto-enrol
their certificate as it has no connectivity once they are logged on.
Consequently the wireless sticks on authenticating or "no certificate" in
these circumstances.
What i'd like is to somehow allow people to request/enrol a certificate when
logging onto the machine for the first time over wireless (rather than having
to first put them on the wired network), is it possible to specify limited
access during logon so the users account is able to connect to the pki box
and enrol a new user certificate? maybe with an additional remote access
policy?
We have absolutely no problems with the distribution of computer certificates.
I acknowledge that its fully possible that my implementation is at fault
here! As i cant find any indication that the behaviour i'm experiencing has
been a problem for anyone else!
Any advice/pointers greatly appreciated.
Jim
My question is this: we have our wireless setup pretty much identical to the
description in this white paper:
http://download.microsoft.com/downl...5c168/StepSecureWirelessAcc.doc#_Toc100984847
We have a working, established PKI infrastructure and all Cisco 1100 ap's
globally. We are using microsoft IAS with both a user and computer RAP. both
of these appear to work fine and the network is firmly in production.
It seems to work very well on the whole, machines are connected whilst users
arent logged on so they receive gpo updates etc, when a user logs on they
authenticate fine, providing they have previously been on the computer whilst
it is connected to a wired network. If they havent been on the machine via a
wired connection before there first log on on that machine then the machine
does not have a local copy of their certificate, neither can it auto-enrol
their certificate as it has no connectivity once they are logged on.
Consequently the wireless sticks on authenticating or "no certificate" in
these circumstances.
What i'd like is to somehow allow people to request/enrol a certificate when
logging onto the machine for the first time over wireless (rather than having
to first put them on the wired network), is it possible to specify limited
access during logon so the users account is able to connect to the pki box
and enrol a new user certificate? maybe with an additional remote access
policy?
We have absolutely no problems with the distribution of computer certificates.
I acknowledge that its fully possible that my implementation is at fault
here! As i cant find any indication that the behaviour i'm experiencing has
been a problem for anyone else!
Any advice/pointers greatly appreciated.
Jim