NPS two-way, certificate-based authentications

  • General discussion

  • Is it possible to configure this here? How can you do it?

    Right now I have a wireless solution which uses NPS RADIUS on Windows Server 2008 R2.

    Right now I'm just doing one-way certificate authentication to protect my clients from man-in-the-middle attacks... but I was wondering if it's possible

    I mean it is protecting the client and not my network...

    I mean the clients check if the wireless connection is trusted with the certificate and that's it.

    Is there a way to make the clients not able to connect if they don't have the certificate? I mean like having a requirement in which they NEED to have a specific certificate installed to connect to the wireless network?

    Right now what is protecting my network is that if the client is not in a specific group I configured on the NPS it can't connect, and also the machine NEEDS to be in a group so it's able to connect... but I would also like it if it could check whether they also have a certificate installed...

    Is that possible? Is it possible to configure it on the NPS? How?


    Sunday, June 10, 2012 2:37 AM

All replies

  • Hi NightShade1,

    Thanks for posting here.

    > I mean it is protecting the client and not my network...

    > I mean the clients check if the wireless connection is trusted with the certificate and that's it.

    > Is there a way to make the clients not able to connect if they don't have the certificate? I mean like having a requirement in which they NEED to have a specific certificate installed to connect to the wireless network?

    I think you are referring to the certificate-based authentication types (EAP-TLS or PEAP-TLS). A computer certificate, also known as a machine certificate, must be installed on each wireless client computer. For user authentication with EAP-TLS or PEAP-TLS after a network connection is made and the user logs on, you must use a user certificate on the wireless client computer.

    Certificate-based Authentication Protocols

    http://technet.microsoft.com/en-us/library/dd197564(WS.10).aspx

    Creating a secure 802.1x wireless infrastructure using Microsoft Windows

    http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Monday, June 11, 2012 3:10 AM
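
The reply above states that a computer certificate must be installed on each wireless client for EAP-TLS or PEAP-TLS. The following is an added example, not part of the original thread, that pre-checks a client's computer store for such a certificate. The helper name `Test-EapTlsClientCert` and the acceptance criteria (private key, validity period, Client Authentication EKU, locally trusted chain) are assumptions made for illustration.

```powershell
# Added example, not from the thread: local pre-check of the computer store
# for a certificate usable as an EAP-TLS / PEAP-TLS client credential.
# Assumed criteria: private key present, inside validity period, Client
# Authentication EKU listed, chain builds to a locally trusted root.

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

function Test-EapTlsClientCert {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $now = Get-Date
    $problems = @()

    if (-not $Cert.HasPrivateKey) { $problems += 'no private key' }
    if ($now -lt $Cert.NotBefore) { $problems += 'not yet valid' }
    if ($now -gt $Cert.NotAfter)  { $problems += 'expired' }

    # Collect the EKU OIDs (empty when the certificate has no EKU extension)
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    if ($ekuOids -notcontains $clientAuthOid) {
        $problems += 'Client Authentication EKU not listed'
    }

    # Build the chain without revocation lookups so the check works offline;
    # the RADIUS server performs its own validation at logon time.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($Cert)) { $problems += 'chain does not build to a trusted root' }

    New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

$results = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-EapTlsClientCert $_ })
$results | Format-Table Subject, NotAfter, Usable, Problems -AutoSize
if (-not ($results | Where-Object { $_.Usable })) {
    Write-Warning 'No computer certificate suitable for EAP-TLS client authentication was found.'
}
```

A client that reports no usable certificate here has nothing to present when the network policy requires certificate-based authentication.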
  • Hi NightShade1,

    Please feel free to let us know if the information was helpful to you.

    Regards,

    Tiger Li


    Tuesday, June 12, 2012 9:08 AM