In practice, it is worse than that... Typically, user certificates are only distributed via group policy when that user logs in successfully via a wired computer. The user would have had to log in to a wired computer to even have the certificate distributed to the user's profile before using it wirelessly. That is why many secure environments only have wireless EAP-TLS with machine certificates and machine-only wireless authentication... Having a multi-user device with wireless user certificates is a headache to provision in practice for multiple users.
Colin Joseph
Aruba Customer Engineering