Ken, If you are lucky enough to have all your clients with XP, you can use GPO to configure the Wireless policies. Check it out under "Computer Configuration\Security Settings\Wireless network (IEEE 802.11) policies"
The link below should answer your questions regarding computer/user authentication (check the "Notes" section): http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/define_8021x_inGP.asp If you run into issues with XP pre-SP2, also take a look at the following wireless update rollup for XP: http://support.microsoft.com/default.aspx?scid=kb;en- us;826942&Product=winxp. It did resolve some issues I was having. Not sure all this will work with W2K though - have not tested that yet. Cheers, Guy On Fri, 2004-10-08 at 11:06 -0500, Ken Cornetet wrote: > Is there any way to force EAP-TLS wireless authentication to use > machine certificates exclusively (instead of user certs) for client > side authentication? Or better yet, require BOTH user and machine > certs? > > Here's the setup: > > IBM Thinkpads with either integrated cisco 802.11b or Cisco cards. > Running XP. > Cisco access points > MS Internet Authentication Server running on a non DC 2k3 box. > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
