3Com OfficeConnect WX1200 Release Note page 8
Wireless lan switch and controller mss version 3.0
Hide thumbs
Also See for OfficeConnect WX1200:
- Command reference manual (646 pages) ,
- Reference manual (520 pages) ,
- Quick start manual (10 pages)
Advertisement
8
W
LAN S
IRELESS
WITCH AND
Feature
Scenario Requiring Computer
Authentication
Systems management
Systems management application agents
agents
such as those that come with Microsoft Sys-
tems Management Server (SMS) frequently
need network access without user interven-
tion.
Remote Desktop Con-
Computers are accessible from Windows
nection
Remote Desktop Connection when no one
is logged on to Windows.
Shared folders
Files and folders shared from a computer
are still available, even when no user is
logged on.
Configuring computer authentication on the client is
simple, though it requires the use of the Microsoft
802.1x client built-in to Windows XP and Windows
2000. Keep the following information in mind when
configuring computer authentication on Microsoft cli-
ents:
To enable computer authentication, go to the
Authentication tab where you normally select your
802.1x authentication method and enable the
checkbox labeled Authenticate as computer when
computer information is available.
The authentication protocol that is configured for
your user accounts will also be used for the com-
puter account.
If the EAP protocol you are using requires client
certificates, you must use the Microsoft Enterprise
Certificate Authority built-in to Windows 2000
Server and Windows Server 2003 to generate
Computer certificates for PCs on your active direc-
tory domain. Microsoft Knowledgebase Article
C
MSS V
3.0 R
ONTROLLER
ERSION
N
ELEASE
OTES
KB313407 explains how to enable the automatic
distribution of computer certificates through
Active Directory.
If the user and machine accounts use different
VLANs, you must install hotfixes on the client PCs
to enable them to DHCP for a new IP address
when the user authentications. Windows XP
requires either the WPA Rollup Hotfix (KB826942)
or Hotfix KB822596. Windows 2000 requires
hotfix KB822596.
Using PEAP-MS-CHAP-V2 with computer authenti-
cation will allow users who have never logged on
to a PC authenticate wirelessly without having to
login to the PC over a wired connection the first
time. EAP-TLS still requires the user to connect to
the network over a wired connection to generate a
profile on the PC and a user certificate.
Enabling computer authentication also requires minor
reconfiguration of Active Directory and IAS. Please
note the following when configuring computer
authentication on an active directory domain:
You must grant dial-in access for the computer
accounts in Active Directory that you wish to
enable computer authentication on. If the tab to
configure dial-in access does not appear, follow
the directions in Microsoft Knowledgebase article
KB306260.
Review your remote access policies in IAS to insure
that the computer accounts have appropriate
group membership to allow them to match the
proper policy.
Advertisement
