User-based Certificate Authentication

Question
-
I have applied 802.1x in wired connections and it worked well. Now, I want to change the authentication to user-based, because right now as the NPS log showed, it checked the machine certificate. Any setup I need to modify so that the NPS checks the user certificate?
Thanks!
Tuesday, September 6, 2016 8:05 AM
Answers
-
Hi Harry,
>> "Use default gateway on remote network" This is already disabled on client machine.
I have tested it at my Lab, it works.
Please ensure your client can access the internet before it connects to the VPN server.
>> Do you have detailed instructions or reference article for step by step guidance on this
If you did not want to enable use default gateway on remote network, you could configure router.
Please open VPN manager, and expand IPv4, right-click static routes, click New Static Route…, and configure Destination address to be 0.0.0.0, and configure Metric to be 5.
Please reference picture below:
Besides, you could try configuring NAT to get the goal, expand IPv4, double-click adapter that was used for VPN connection.
And then select Services and Ports tab, unselect VPN Gateway(L2TP/IPsec-running on this server) and VPN gateway(PPTP).
Please reference picture below:
Best Regards
John
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, September 21, 2016 6:53 AM
All replies
-
Hi Ivan,
Please configure authentication method of NPS to be EAP, and add Microsoft: Smart Card or other certificate.
Please check picture I posted.
On client, you need to install certificate and configure authentication method to be certificate authentication.
Best Regards
John
Wednesday, September 7, 2016 7:12 AM -
Hi,
thank you for the response. Yeah I've done that, but at the NPS logs, it checked the user from the hostname, not the user itself. Any ideas?
Appreciate your help.
Thank you.
Wednesday, September 7, 2016 8:57 AM -
Hi Ivan,
Sorry for the late reply.
Please check if you have configured a condition with Machine Groups or Windows Groups.
Best Regards
John
Wednesday, September 14, 2016 8:02 AM -
Hello John,
Thank you for your response. I have configured it and the user authentication works.
I'm just curious, how does the user authentication work?
It worked previously because I was on site, I saw the dot1x logs and they showed successful authentication. Recently, I tried via remote desktop connection, and the authentication failed.
Can the user certificate authentication not work via remote desktop connection?
Thank you.
Best Regards,
Ivan
Thursday, September 15, 2016 3:18 AM -
Hi Ivan,
>> how does the user authentication work?
Please check the article to understand information about NPS authentication process.
NPS Authorization Process
https://technet.microsoft.com/en-us/library/dd197420(v=ws.10).aspx
>> Can the user certificate authentication not work via remote desktop connection?
For this issue, I suggest that you could post it to RDS forum for better solution.
Remote Desktop Services
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS
Best Regards
John
Friday, September 16, 2016 6:46 AM -
Hi,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
John
Monday, September 19, 2016 8:34 AM -
Hi,
Thank you, it seems that when I try to connect via RDP, the user authentication won't work, so it's kind of solved now.
Can the personal certificate store hold more than one certificate? I'm trying to authenticate via user, because the users do not stay in one place, they move around to different PCs. I tried it, and the authentication fails.
Best Regards,
Ivan
Tuesday, September 20, 2016 8:34 AM -
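A client-side check for the setup discussed in this thread (certificate-based EAP on the client, and users moving between PCs), as an added example that is not part of any post: it reads the wired profile's 802.1X `authMode` and lists the certificates in the user and computer Personal stores, each of which can hold several, that carry the Client Authentication EKU. The scratch folder name and the two function names are assumptions made for the example.

```powershell
# Added example, not from the thread. Run on the 802.1X client as the logged-on user.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$SanOid        = '2.5.29.17'           # Subject Alternative Name

function Get-WiredAuthMode {           # hypothetical helper name
    param([Parameter(Mandatory)][string]$ProfileXmlPath)
    # authMode in the profile's OneX section: machineOrUser, machine, user or guest.
    $hit = Select-Xml -Path $ProfileXmlPath -XPath "//*[local-name()='authMode']" |
        Select-Object -First 1
    if ($hit) { $hit.Node.InnerText } else { '(not set in profile)' }
}

function Get-EapTlsCandidate {         # hypothetical helper name
    param([Parameter(Mandatory)][ValidateSet('CurrentUser', 'LocalMachine')][string]$Store)
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path "Cert:\$Store\My") {
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        # Flatten the EKU OIDs; an absent extension yields an empty list.
        $ekus = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
        [pscustomobject]@{
            Store         = $Store
            Subject       = $cert.Subject
            San           = if ($san) { $san.Format($false) } else { '' }  # UPN or DNS name
            ClientAuthEku = $ekus -contains $ClientAuthOid
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            Thumbprint    = $cert.Thumbprint
        }
    }
}

# Export the wired profiles and show which credential type each one asks for.
$dir = Join-Path $env:TEMP 'lan-profile-export'    # scratch folder (assumed name)
New-Item -ItemType Directory -Path $dir -Force | Out-Null
netsh lan export profile "folder=$dir" | Out-Null  # needs the Wired AutoConfig service
Get-ChildItem -Path $dir -Filter *.xml | ForEach-Object {
    [pscustomobject]@{ Profile = $_.Name; AuthMode = Get-WiredAuthMode $_.FullName }
} | Format-Table -AutoSize

# User certificates live in CurrentUser\My, computer certificates in LocalMachine\My.
'CurrentUser', 'LocalMachine' | ForEach-Object { Get-EapTlsCandidate -Store $_ } |
    Format-List
```

A user certificate listed under `CurrentUser` on one PC exists only in that user's profile on that PC, so the same check is worth running on each machine the user signs in to.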
Hi,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
John
Friday, September 30, 2016 8:09 AM