Windows XP supplicant limitation ?

2005-09-05 Thread Jérémy Cluzel




Hi,
> Hi,
>
> > - user auth after the domain controller has accepted logon.
> > Does anybody know if the Windows XP supplicant is able to do this ?
> > Do I need a better supplicant ? aegis? secureW2? Funk Odyssey ?
>
> I believe it won't do anything useful or multifunctional like
> you require. A good option would be to use the supplicant
> to authenticate the system, then use something like pGina
> to do the user authentication - that can then authenticate
> the user against a RADIUS server
>
> pgina - http://pgina.xpasystems.com/info/
>
> alan

In fact, the XP supplicant seems to allow only one auth method (EAP-TLS or PEAP).

If I use TLS, machine auth will be OK, so I can log on to my domain and get my roaming profile.
But if I want to keep my network connection, I have to use a user cert too or do the registry hack (AuthMode set to 2).

If I choose to use PEAP, computer auth, as far as I understood, will never work, so I won't be able to log on to my domain...

A solution may be a supplicant which first tries to make a network connection (using username/password), and then, if it succeeds, tries to authenticate the user against the domain.

I don't see how pgina will help me... sorry.

Regards,

Jeremy



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Windows XP supplicant limitation ?

2005-09-04 Thread A . L . M . Buxey
Hi,

> - user auth after the domain controller has accepted logon.
> Does anybody know if the Windows XP supplicant is able to do this ?
> Do I need a better supplicant ? aegis? secureW2? Funk Odyssey ?

I believe it won't do anything useful or multifunctional like
you require. A good option would be to use the supplicant
to authenticate the system, then use something like pGina
to do the user authentication - that can then authenticate
the user against a RADIUS server

pgina - http://pgina.xpasystems.com/info/


alan


Windows XP supplicant limitation ?

2005-09-02 Thread Jérémy Cluzel

Hi,

I want to use
- EAP-TLS for machine auth (with cert.)
then
- EAP-PEAP for the user auth (with login/password)
I managed to make both work alone but not together...
I just want to follow the XP supplicant behaviour:
- computer auth. before logon to gain network access to the domain controller.
- user auth after the domain controller has accepted logon.
Does anybody know if the Windows XP supplicant is able to do this ?
Do I need a better supplicant ? aegis? secureW2? Funk Odyssey ?

Thanks

Jeremy


RE: Windows XP supplicant limitation ?

2005-09-02 Thread Guy Davies
Hi Jeremy,

Unfortunately, the windows supplicant won't let you do that.  Various third 
party supplicants can do it but not the one included by MS.

Again, I know that the Funk Odyssey client can do this because I've done it 
myself (before I got GINA working).  My main area of dissatisfaction with this 
mechanism is the administrative load of generating, deploying and maintaining a 
per-host certificate.

Rgds,

Guy 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jérémy Cluzel
Sent: 02 September 2005 15:41
To: freeradius-users@lists.freeradius.org
Subject: Windows XP supplicant limitation ?

Hi,

I want to use
- EAP-TLS for machine auth (with cert.)
then
- EAP-PEAP for the user auth (with login/password)
I managed to make both work alone but not together...
I just want to follow the XP supplicant behaviour:
- computer auth. before logon to gain network access to the domain controller.
- user auth after the domain controller has accepted logon.
Does anybody know if the Windows XP supplicant is able to do this ?
Do I need a better supplicant ? aegis? secureW2? Funk Odyssey ?

Thanks

Jeremy