Hi, DISCLAIMER: I'm no Windows specialist.
john wrote: > > I am having a hard time figuring out how to make this work. Where/how > does the cert get imported. Do I need to make a registry change in > KEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global > to make this work? I hope this is the part someone on the list will > have done before and be able to guide me or point me at a howto. I had a hard time with this as well, and finally succeeded, using Windows XP. There are many points that matter: * You have to edit your registry to add a "AuthMode" dword key in KEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global with value 2. * You have to load your certificate and private key in the computer's personal store. I did that with mmc.exe. Note that loading the certificate and private key in a user's personal store and then moving them to the computer's store did not work for me. * Your certificate must have "X509v3 Extended Key Usage: TLS Web Client Authentication" or Windows won't use it. * The username Windows will use is the name in the certificate with "host/" prepended. Note that things are quite different with Windows Vista. Hope this helps, -- Nicolas Boullis Ecole Centrale Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
