802.1x computer authentication PEAP-MSCHAPv2 during startup

802.1x computer authentication PEAP-MSCHAPv2 during startup

Post by RodV » Wed, 18 Apr 2007 06:41:14


Hi group,

We are setting up a 802.1X infrastructure for a wired network (IAS + HP
Procurve switches)
Authentication mode setup for PEAP-MSCHAPv2 (requiring a certificate for IAS
server and the issuer CA cert to be trusted by 802.1x clients)
the computers are already members of the domain.

User authentication is performing well, but after login only.
Computer authentication should kick-in before msgina ctrl+alt+del dialog box
appear, but it is not the case (tail -f on eapol.log, iassam.log, rastls.log
show no activity during computer startup on ias server)

Has anyone an idea why computer authentication is not tried by the client at
startup ?
thank you in advance..

IAS : EnableWPSCompatibility registry value is set.
client (xpsp2): Tried Authmode 0,1,2 Supplicant mode 2
 
 
 

802.1x computer authentication PEAP-MSCHAPv2 during startup

Post by cnQtc2V » Wed, 18 Apr 2007 16:14:03

Hello,



You need to enable "Authenticate as computer when computer information
is available" on your client's network card. This option is found at the
"Authentication" tab of the network card settings.

Sebastian

 
 
 

802.1x computer authentication PEAP-MSCHAPv2 during startup

Post by RodV » Wed, 18 Apr 2007 18:38:02

hi.
The option box is already checked.


XXXX@XXXXX.COM ...
 
 
 

802.1x computer authentication PEAP-MSCHAPv2 during startup

Post by cnQtc2V » Wed, 18 Apr 2007 18:50:02

Hi,



For a test, try to set Authmode=2 and SupplicantMode=3 to enforce
computer-only authentication with 802.1x-compliant supplicant behavior.
You might also enable debugging at the switch in order to see what happens
when the computer boots up.


Sebastian