@j_moss_home wrote:
can i just check one more thing, sorry if i'm being a bit stupid here probably my lack of understanding. Can you validate the following approach i'm going to take: -
We will use a windows 2003 CA server to generate a certificate
we will install this on the windows 2003 IAS server
we will via group policy ensure the windows xp clients trust the windows 2003 CA
we can then disable local termination on the controllers and hopefully machine authentication will now work?
thanks
It is slightly better than that:
If your Windows 2003 Ca is an Enterprise CA (by default it is), clients will automatically trust the Windows CA. The only gotcha is that they will trust it within the first Group Policy refresh period, so you might have to do a "gpupdate /force" on the commandline if those devices have not refreshed their grouop policy.
You can then disable local termination and machine authentication should work, Yes.
Please see the PDF in the post here: http://community.arubanetworks.com/t5/Authentication-and-Access/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M80 for detailed instructions.