If you are using AD credentials for your users, the easiest thing is to just use AD credentials for the computers as well.
I assume you have your users in some AD groups that are authenticated by RADIUS. Create another group (or use Domain Computers) that is also authenticated by RADIUS. Add the PCs you want to that group. Make sure the wireless 802.1x configuration on the PCs is set properly so the authentication mode is "user or computer". That should do it. -Malcolm From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Friday, August 20, 2010 09:07 To: NT System Admin Issues Subject: RE: Wireless Machine Authentication I'm still striking out on making this work. I'm probably making it harder than what it is. I have mostly domain computers that need to authenticate by machine. Do I need to create a machine certificate for each individual machine? Then map that same cert to the computer AD account? From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Monday, August 02, 2010 11:12 AM To: NT System Admin Issues Subject: RE: Wireless Machine Authentication We used the machine AD credentials, as that is the path of least resistance. It is a pretty simple GPO configuration to set it all up, too. -Malcolm From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, August 02, 2010 10:03 To: NT System Admin Issues Subject: RE: Wireless Machine Authentication You can either use machine certs or machine credentials (against AD, if the machines have credentials in AD.) Cheers Ken From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Friday, 30 July 2010 10:36 PM To: NT System Admin Issues Subject: FW: Wireless Machine Authentication All Cisco LWAP access points using a 5508 wireless controller. We have PEAP set up so users can authenticate on the wireless network using their AD login.peachy. BUT.we have some machines that need to authenticate on the wireless before the user logs on (so they get can group policies and such). I thought we could just provide a generic credential and it would work but no such luck. How the heck do you make this work? The workstations are XP SP3 with intel wireless cards. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
