Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

802.1x using tthe Microsoft Supplicant with Smart Cards

Status
Not open for further replies.
RookThis

RookThis

Technical User
Jul 27, 2002
195
US
I am trying to get the microsoft supplicant to work with machine certificates and smart cards. I have the supplicant configure via the registry settings as AuthMode set to 1 and SupplicantMode set to 3. The AuthMode setting of 1 authenticates first by using the machine certificate, which works fine, and then forces another re-authentication with user credentials. This is the part that doesn't work. When the users gets the GINA screen (ctl/alt/del) and enters the user credentials the PC never responds to the EAP Identity Request that is generated by the switch. From the debugs that I am running I never see a response from the PC. It's as if the certificate can not be read from the smart card, or maybe the mechanism where you are prompted to enter a pin isn't support in this mode. Does anyone have any experience with this? I've been told that other third party supplicants will work, but that will require an added expense and would prefer getting the MS supplicant to work instead. Any suggestions?
 
Sort by date Sort by votes
are u using the IAS side of the 2003 server ?? microsoft

The most overlooked advantage to owning a computer is that if they foul up there's no law against wacking them around a little.
 
Upvote 0 Downvote
No I'm using Cisco's ACS server for the IAS piece. If that's what you are referring to.
 
Upvote 0 Downvote
yes i was, sorry i don't think i can help you.. does the cisco set up a RADIUS in the inviroment that you a using?

The most overlooked advantage to owning a computer is that if they foul up there's no law against wacking them around a little.
 
Upvote 0 Downvote
yes it does... PC==>switch===>Cisco Radius Server==> points to a GPO area where the certs are stored I think. I'm not exactly sure how this works on the radius side, but the part that I think is broken is on the PC when the user credentials are issued by the user I see an EAP identity request from the switch, but I never see a response from the PC, which I believe it should be getting it from the smart card.
 
Upvote 0 Downvote
my thoughts are having set this up on a 2003 server is to check the right certificates are being seen at the computer end from the cisco...

good luck ...merry xmas

The most overlooked advantage to owning a computer is that if they foul up there's no law against wacking them around a little.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hipath4k
  • Locked
  • Question
WIFI router with inbuilt multiple user login and password
Replies
0
Views
94
hipath4k
hipath4k
Stealth1007
  • Locked
  • Question
Please help with DD-WRT bandwith issues when Panasonic NS700 is connected
Replies
1
Views
120
goombawaho
goombawaho
themanstan
  • Locked
  • Question
Help with SP3
Replies
1
Views
79
rclarke250
rclarke250
goombawaho
  • Locked
  • Question
Slow Wireless with Netgear WN604
Replies
0
Views
68
goombawaho
goombawaho
ateknor
  • Locked
  • Question
Your Experience with Cell Phone Signal Boosters
Replies
1
Views
49
robertjo24
robertjo24

Part and Inventory Search

Sponsor

Back
Top