Release Notes for Cisco Aironet 350 Wireless LAN Client Adapter

Release Notes for Cisco Aironet 802.11a/b/g Client Adapters (CB21AG and PI21AG) Install Wizard 2.0
OL-7578-01
  New and Changed Information
Support for Domain Logon with EAP-TLS
The CB21AG and PI21AG client adapters now support domain logon with EAP-TLS. This feature 
enables you to attempt to log into a domain using machine authentication with a machine certificate and 
machine credentials. Doing so enables your computer to connect to the network prior to user logon.
To support this feature, a new check box has been added to the Define Certificate window in ADU. The 
check box, which is entitled Use Machine Information for Domain Logon, is disabled by default.
If the check box is checked, a machine certificate is always tried at domain logon (before the user 
logs on).
If the check box is not checked, machine authentication is not performed. Authentication does not 
occur until the user is logged in.
Follow these steps to ensure that domain logon with EAP-TLS functions properly.
Step 1
Follow your organization’s standard procedure to obtain a machine certificate from the server and ensure 
that client machine access is enabled on the server.
Step 2
Ensure that the permissions for the MachineKeys folder, which stores the certificate pair keys for both 
the computer and users, are set correctly. Refer to Microsoft knowledgebase article Q278381 for 
information on correctly setting up folder permissions:
Note
If you ever change permissions on higher-level directories and those settings are applied to all 
subdirectories, you may need to reset the permissions for the MachineKeys folder.
Step 3
Create and activate a profile that uses EAP-TLS authentication and has the Use Machine Information for 
Domain Logon check box checked.
Step 4
When you check the Use Machine Information for Domain Logon check box, a new check box entitled 
Always Do User Authentication becomes active.
Check this check box if you want the client to switch from using machine authentication to using 
user authentication after you log on using your username and password.
Uncheck this check box if you want the client to continue to use machine authentication after your 
computer logs into the domain.
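
The following PowerShell sketch relates to Step 2 and its Note: it lists the access control entries on the MachineKeys folder and flags any that are inherited from a higher-level directory. It is an added example, not part of the Cisco release notes or of Microsoft's article. The function name Get-MachineKeysAclReport and the two candidate folder paths are assumptions, since the release notes do not state the folder location.

```powershell
# Added example (not Cisco's code): audit the MachineKeys folder ACL from Step 2.
# Assumption: the folder sits under %ALLUSERSPROFILE% at one of the two usual
# Windows locations; the release notes do not give the path.
function Get-MachineKeysAclReport {
    param([string]$Path)

    if (-not $Path) {
        $candidates = @(
            (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys'),
            (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys')
        )
        $Path = $candidates |
            Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
            Select-Object -First 1
    }
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw 'MachineKeys folder not found; pass -Path explicitly.'
    }

    # Read the folder's DACL and flatten each entry into a simple record.
    $acl = Get-Acl -LiteralPath $Path
    $entries = foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
        }
    }

    [pscustomobject]@{
        Path               = $Path
        Owner              = $acl.Owner
        # False means the folder blocks permissions pushed down from parents.
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        InheritedEntries   = @($entries | Where-Object { $_.Inherited })
        Entries            = @($entries)
    }
}

$report = Get-MachineKeysAclReport
$report.Entries | Format-Table -AutoSize
if ($report.InheritedEntries.Count -gt 0) {
    Write-Warning ("{0} ACL entries on {1} are inherited from a parent folder; compare them with the KB article." -f $report.InheritedEntries.Count, $report.Path)
}
```

The script only reads the ACL. Compare the listed entries with the permissions given in the Microsoft article before changing anything.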