Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server

from [offtopic] Network Security [Permanent Link]
Subject: Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
Date: Tue, 09 Aug 2005 06:51:24 +0400 
- Although the MS Certificate Services are in standalone mode, can I
still configure some auto-enrollment based on the users' AD logon? If
not, what is the best option in order to minimize administrative
effort?


No. AFAIK, Only Enterprise CA can be used for auto-enrollment. You can choose 
PEAP MSCHAPv2 for client authentication instead. In this case you don't need to 
manage client-side certificates and revocation.
If you need to use client certificates - create new Enterprise Subordinate CA 
for issue client certificates. 


- Since MS Certificate Services are in standalone mode, is it possible
to have the IAS server map certificates to AD users


You can bind user-to-certificate manually in AD, but I think this is not best 
solution.


If you could point me to any paper or step-by-step guide that can


http://www.altavista.com/web/results?itag=ody&q=site%3Amicrosoft.com+802.1x+step-by-step&kgs=0&kls=0
 ????


PS. You want to use client certificates, where you will store it? In local 
profile, or on smartcard?
Will you authenticate computer or user or both?


(c)oded by offtopic@mail.ru


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server, Pidgorny, Slav
Next by Date:  Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server, Rodrigo Blanco
Previous by Thread:  Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server, Rasmus Rønlev
Next by Thread:  Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server, Rodrigo Blanco
Indexes:  [Date] [Thread] [Top] [All Lists]