Yeah I have just stumbled on that registry key. Thanks for the help though I am now getting requests at the radius server that have "host/computername" as the username. I am looking through the documentation for trying to make that work. And just so everyone knows I am using freeradius 0.9.3. Some of the examples of saw of stripping out the "host/" part looked like they were for older versions of freeradius.
Joe Meslovich. On Fri, 16 Jul 2004, Michael Griego wrote: > Normal operation for that type of environment is to have a machine cert > so that the machine can authenticate to the network before a users logs > on to the machine itself, then to have a user cert for each user on the > machine so that once the user logs in, the authentication switches to > that user. > > Now, that being said, I believe I remember reading that there is a > registry key you can change that will force the machine to *only* auth > as the machine. I don't know which key it is off the top of my head, > but it would reside under the > HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL branch of the registry. You > can probably do some quick web searching and find it. You have to set > this in the registry though, there is no corresponding GUI setting. As > for the "Authenticate as computer..." setting in the Authentication tab, > that only controls the "before the user logs in" authentication to the > network. > > --Mike > > > On Fri, 2004-07-16 at 06:57, Joe Meslovich wrote: > > First off I would like to apologize if this is a frequently asked > > question, but I am new to the list. > > > > What I would like to do is authenticate a laptop running Windows XP using > > a machine certificate versus a user certificate. So far I have created a > > certificate on the freeradius server and made sure that the name in the CN > > field is the name of the system. I placed that certificate and the > > root.der in the local computer certificate store of the laptop. > > > > From the freeradius side of things I never see a request to authenticate. > > The laptop brings up the wireless interface and in the task bar it pops up > > a warning stating that it cannot find a certificate with which to > > authenticate the system. What do I need to do to make it see that computer > > certificate. In the wireless configuration settings I have the thing to > > "Authenticate as computer when computer information is available". > > > > Do I need to move that certificate to a different place or do I need to do > > something to tell the system to look in the local computer store for it. > > > > Joe Meslovich > > > > ---------------------------------------------------------------------------- > > Joe Meslovich [EMAIL PROTECTED] > > Associate Network/Systems Engineer IT Center > > Tel: (540) 828 - 5343 > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > ---------------------------------------------------------------------------- Joe Meslovich [EMAIL PROTECTED] Associate Network/Systems Engineer IT Center Tel: (540) 828 - 5343 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html