Wireless Access

 View Only
last person joined: 2 days ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Windows 10 EAP-TLS Computer Auth User-Name

This thread has been viewed 14 times
  • 1.  Windows 10 EAP-TLS Computer Auth User-Name

    Posted Jan 21, 2022 12:37 PM
    All-

    Does anyone know:

    1) Is there is a meaningful way to influence the User-Name attribute sent by a Windows EAP-TLS supplicant when using Computer Authentication via GPO or registry?  (The whole host\fqdn bit.)

    (and/or)

    2) Is there a way to programmatically influence the username value of "Use a different user name for the connection" either by GPO or registry?


    We are moving toward eduroam as a primary SSID and need a fully qualified username.  We've long had eap-tls in play with computer auth/certs with our vanity SSID, and the *only* place we're struggling here is with our managed Windows machines.  I'm not a windows client OS expert, but often find the folks here have a a deep well of knowledge I was hoping to tap into.

    Thanks!

    ------------------------------
    Kevin Schoenfeld
    ------------------------------


  • 2.  RE: Windows 10 EAP-TLS Computer Auth User-Name

    MVP EXPERT
    Posted Jan 21, 2022 03:30 PM
    When I set up
    EAP-TLS for eduroam
    , the CN of your cert maps to the username , so cn=ccsas@york.uk gave you a username of ccsas@york.ac.uk