[Dshield] was Wireless MAC Authentication options now PEAP and XP.

Hernandez, Moses MHernandez3 at mercymiami.org
Mon Aug 29 18:14:43 GMT 2005


Yeah, something useful to mention however is that it only applies to
Smartcard / Certificate Based authentications. You can not change it to
for instance reflect PEAP MS-Chap V2 and those particular options. The
options I want to change on the clients are located under

-> LAN Adapter Properties -> Authentication -> Drop Down Box to
Highlight and Make it Protected EAP (PEAP) -> Properties -> Enable Fast
Reconnect.

Unfortunately there is no GPO for this. 

Anyone have any creative thoughts?

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of John B. Holmblad
Sent: Monday, August 29, 2005 1:00 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Wireless MAC Authentication options.

Also, I did some checking of Group Policy supprort for certificate based

authentication with 802.1x by opening up a pre-defined GP Object  called

    "Small Business Server Client Computer"

on Windows 2003 Small Business Server and, under the container path

Computer Configuration=>Administrative Templates=>Network=>Network 
Connections

there is a GP object entitled:

    "IEEE 802.1x Certificate Authority for Machine Authentication"

The text associated with the explanation of this object is as follows:

    If you want to use IEEE 802.1x machine authentication, configure
    this setting.

    If you enable this setting, it configures the Certificate Authority
    to be used on the client for authentication.

    To allow successful authentication, enable this setting and indicate
    the thumbprint or hash for your Certificate Authority.

    If you disable or do not configure this setting, the Certificate
    Authority for IEEE 802.1x machine authentication will not be
    configured on your client. This might cause machine authentication
    to fail.

    Note: The Certificate Authority that is configured by this setting
    only applies to machine authentication, and not to user
authentication.

One of the constraints of this GPO however is that it is applicable only
to Windows XP and Windows Server 2003 systems, and, apparently, not to
W2K Server or Pro.

**********************************************************************************************
IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the 
named recipient(s) only.
If you have received this email in error, please notify the system manager or the sender immediately and do 
not disclose the contents to anyone or make copies thereof.
*** eSafe scanned this email for viruses, vandals, and malicious content. ***
**********************************************************************************************




More information about the list mailing list