Windows Server 2003 - Is the CA, has IAS installed with a Cert. Default domain policy has auto cert enrollment configured for BOTH users and workstations.
On Windows 7, my policy looks like this.
WPA2-Enterprise
AES
Protected Peap
Validate Server Cert is CHECKED
Authentication Method is MS-CHAPv2 - Fast Reconnect (on client and server)
Automatically use Domain Credentials selected
Under Advanced Settings - I can do either User Auth or Computer Auth or Leave it blank.
Radius Policy has MSCHAP, and Peap as the EAP Option.
Also doing Domain Computers; Domain Users grant access.
Everything here works.
Question 1. This method is strictly using PEAP/MS-CHAPv2. - Correct
Question 2. The certificates I have on the computer for the user and workstation, are they even taken into account for this process? If so, in what fassion. If I uncheck Validate Server Certificate, i can still authenticate just fine. What benifit do i gain if i use the Validate Server Cert?
Question 3. If i change the Authentication Method to Smart Card or Cert, and use the SImple Method for selecting Certs, It does not allow me to connect.
I'm trying to discern all the difference radius options out there. Can anyone shed some light?
I want to fully understand all of the different settings and options available.
Thanks.