Normal operation for that type of environment is to have a machine cert so that the machine can authenticate to the network before a users logs on to the machine itself, then to have a user cert for each user on the machine so that once the user logs in, the authentication switches to that user.
Now, that being said, I believe I remember reading that there is a registry key you can change that will force the machine to *only* auth as the machine. I don't know which key it is off the top of my head, but it would reside under the HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL branch of the registry. You can probably do some quick web searching and find it. You have to set this in the registry though, there is no corresponding GUI setting. As for the "Authenticate as computer..." setting in the Authentication tab, that only controls the "before the user logs in" authentication to the network. --Mike On Fri, 2004-07-16 at 06:57, Joe Meslovich wrote: > First off I would like to apologize if this is a frequently asked > question, but I am new to the list. > > What I would like to do is authenticate a laptop running Windows XP using > a machine certificate versus a user certificate. So far I have created a > certificate on the freeradius server and made sure that the name in the CN > field is the name of the system. I placed that certificate and the > root.der in the local computer certificate store of the laptop. > > From the freeradius side of things I never see a request to authenticate. > The laptop brings up the wireless interface and in the task bar it pops up > a warning stating that it cannot find a certificate with which to > authenticate the system. What do I need to do to make it see that computer > certificate. In the wireless configuration settings I have the thing to > "Authenticate as computer when computer information is available". > > Do I need to move that certificate to a different place or do I need to do > something to tell the system to look in the local computer store for it. > > Joe Meslovich > > ---------------------------------------------------------------------------- > Joe Meslovich [EMAIL PROTECTED] > Associate Network/Systems Engineer IT Center > Tel: (540) 828 - 5343 > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
