802.1x SmartCard and Password in one Network

  • Question

  • Hello,
    Is there any way to run multiple 802.1x authentication methods on one computer?
    I want to run 802.1x on a computer where two types of users can log in, using username/password and smartcard. What authentication method should I use on the workstation, or is it possible to configure?

    Thanks for help,

    K
    Monday, February 22, 2010 12:20 PM

Answers

  • You can configure NPS policies for both types of authentication methods using 802.1X. You will want to use PEAP-MSCHAPv2 for username/password authentication and PEAP-TLS for smartcard authentication.

    You can manually configure the authentication methods on the workstation/client or utilize Group Policy. Typically, you will create a PKI infrastructure using AD Certificate Services and configure Group Policy auto-enrollment to distribute certificates to your domain members.

    Here is more information to help: http://technet.microsoft.com/en-us/library/cc730878(WS.10).aspx


    This TechNet forum post is provided "AS IS" with no warranties, and confers no rights. This entry reflects my own personal views and does not necessarily reflect the view of my employer.
    Wednesday, February 24, 2010 3:02 AM
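
To check which of the two methods a client profile is actually set to, the following added example (not part of the original answer) reads an 802.1X profile XML, such as one saved with `netsh lan export profile`, and reports the outer and inner EAP method. The nested `Eap`/`Type` layout and the sample fragment are assumptions constructed for illustration; compare them with a real export before relying on the result.

```python
import xml.etree.ElementTree as ET

# IANA-assigned EAP method type numbers for the methods named in the answer.
EAP_TYPES = {13: "TLS", 25: "PEAP", 26: "MSCHAPv2"}
ALLOWED = {"PEAP-MSCHAPv2", "PEAP-TLS"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on a tag."""
    return tag.rsplit("}", 1)[-1]

def eap_chain(profile_xml):
    """Return EAP method names, outermost first, from nested Eap/Type elements."""
    chain = []
    def walk(elem):
        for child in elem:
            if local(child.tag) == "Eap":
                for sub in child:
                    if local(sub.tag) == "Type" and (sub.text or "").strip().isdigit():
                        n = int(sub.text)
                        chain.append(EAP_TYPES.get(n, f"EAP{n}"))
            walk(child)
    walk(ET.fromstring(profile_xml))
    return chain

def method_name(profile_xml):
    """Join the chain into a name such as 'PEAP-TLS'; 'none' if no EAP config."""
    return "-".join(eap_chain(profile_xml)) or "none"

def unapproved(profiles):
    """Names of profiles whose EAP method is not in ALLOWED."""
    return sorted(n for n, x in profiles.items() if method_name(x) not in ALLOWED)

def sample(inner):
    """Constructed, trimmed profile fragment: PEAP (25) wrapping one inner method."""
    return (f'<EapHostConfig xmlns="urn:example:constructed"><Config>'
            f'<Eap><Type>25</Type><EapType>'
            f'<Eap><Type>{inner}</Type></Eap>'
            f'</EapType></Eap></Config></EapHostConfig>')

if __name__ == "__main__":
    profiles = {"password-users": sample(26), "smartcard-users": sample(13),
                "legacy": sample(4)}
    for name, xml_text in profiles.items():
        print(name, method_name(xml_text))
    print("unapproved:", unapproved(profiles))
```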

All replies

  • Ok I think we misunderstood a little.

    I know I can run 802.1x:
     - PEAP-MSCHAP v2 for username/password
     - PEAP-TLS for smartcard
    And I know that the RADIUS server can manage these two types of authentication. What I'm not sure about is how I can configure the client (shared computer) to use both types of 802.1x methods. Policy per computer? Probably not. Policy per user? What about users logging in for the first time on this computer: how can they get network access, and what auth method do they use if they don't have a connection to the DC to get GPO settings?

    Is anyone using an 802.1x configuration with GPO per user, not per computer?


    Friday, February 26, 2010 9:17 AM
  • Hi,

    This question is still not answered but has fallen off the first page of the forum so it may not be getting the attention needed.

    Please let me know if there is any further information about this issue. I will also try to summarize the current question and get an answer if possible, or move the question to another forum if it is not appropriate for the NAP forum.

    Greg Lindsay

    Friday, March 19, 2010 10:29 PM