Configuring EAP Certificate based authentication RRS feed

  • Question

  • I'm looking to setup a wireless network that uses 802.1x certificate based authentication. What I mean by that is that in order for a user to connect to the wireless network, they have to have either a user or computer certificate. (Preferably a user certificate...)

    So far I've been able to easily setup a working scenario where EAP-MSCHAP v2 is used for authentication, however every time I attempt to change that to "Smart Card or other certificate" I can never get the wireless clients to connection.

    The NPS server has the access point setup as a RADIUS client. There's a connection request policy with a condition looking for a NAS port type of wireless. There's a network policy configured where the only conditions is that the NAS port type is wireless and that the user is in the Domain Users group. Also in the network policy, the constraints tab only has modifications done under Authentication Methods where I've selected to use EAP type "Microsoft: Protected EAP (PEAP)", and under the "Edit" window of that is where I can toggle between using EAP type MSCHPv2 or a certificate. Like I said before, under this config I can get things to work fine under MSCHPv2, however once I change the network policy to use certificates, I can't get it to work.

    On the Windows client side, I've verified that the user certificate has been obtained, and that the wireless profile is also configured to use Protected EAP (PEAP) with the method of authentication being a certificate.

    What am I doing wrong here?

    Wednesday, July 31, 2013 6:10 PM


  • Hi,

    The 802.1x client does not use registry-based certificates that are either smart-card certificates or certificates that are protected with a password.
    For more information:

    Network access authentication and certificates

    Define 802.1X authentication for wireless networks on a client computer

    Hope this helps

    • Marked as answer by Jeremy_Wu Friday, August 9, 2013 5:47 AM
    Thursday, August 1, 2013 9:32 AM