Points to Note When Using the WXR100, WX1200, WX4400, or WX2200
Configuring computer authentication on the client is
simple, though it requires the use of the Microsoft
802.1X client built into Windows XP and Windows
2000. Keep the following information in mind when
configuring computer authentication on Microsoft
clients:
■ To enable computer authentication, go to the
Authentication tab where you normally select
your 802.1X authentication method and enable
the checkbox labeled Authenticate as computer
when computer information is available.
■ The authentication protocol that is configured for
your user accounts will also be used for the
computer account.
■ If the EAP protocol you are using requires client
certificates, you must use the Microsoft Enterprise
Certificate Authority built into Windows 2000
Server and Windows Server 2003 to generate
computer certificates for PCs on your Active
Directory domain. Microsoft Knowledgebase Article
KB313407 explains how to enable the automatic
distribution of computer certificates through
Active Directory.
■ If the user and machine accounts use different
VLANs, you must install hotfixes on the client PCs
to enable them to request a new IP address through
DHCP when the user authenticates. Windows XP
requires either the WPA Rollup Hotfix (KB826942)
or Hotfix KB822596. Windows 2000 requires
hotfix KB822596.
■ Using PEAP-MS-CHAP-V2 with computer
authentication will allow users who have never
logged on to a PC to authenticate wirelessly
without having to log in to the PC over a wired
connection the first time. EAP-TLS still requires
the user to connect to the network over a wired
connection to generate a profile on the PC and a
user certificate.
Enabling computer authentication also requires minor
reconfiguration of Active Directory and IAS. Please
note the following when configuring computer
authentication on an Active Directory domain:
■ You must grant dial-in access for the computer
accounts in Active Directory that you wish to enable
computer authentication on. If the tab to configure
dial-in access does not appear, follow the directions
in Microsoft Knowledgebase article KB306260.
■ Review your remote access policies in IAS to ensure
that the computer accounts have appropriate
group membership to allow them to match the
proper policy.
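
An added example, not part of the original notes or of any vendor documentation: a read-only PowerShell audit of the two Active Directory prerequisites above (dial-in permission and group membership for computer accounts). It assumes the ActiveDirectory PowerShell module is available (it is newer than the Windows 2000/2003 servers named here); the OU and group names are hypothetical placeholders.

```powershell
# Added example: read-only audit of computer accounts against the two
# Active Directory prerequisites for computer authentication.
# Assumption: the ActiveDirectory module is installed on this host.
Import-Module ActiveDirectory

# Hypothetical names; replace with the values used in your domain.
$SearchBase  = 'OU=Wireless Laptops,DC=example,DC=com'
$PolicyGroup = 'Wireless-Computers'   # group your IAS remote access policy matches on

$groupDn = (Get-ADGroup -Identity $PolicyGroup).DistinguishedName

$report = Get-ADComputer -SearchBase $SearchBase -Filter * `
              -Properties msNPAllowDialin, MemberOf |
    ForEach-Object {
        # msNPAllowDialin is the attribute behind the Dial-in tab:
        # TRUE = allow access, FALSE = deny access, absent = not set.
        $value  = $_.msNPAllowDialin
        $dialIn = if ($null -eq $value) { 'NotSet' }
                  elseif ($value)       { 'Allow' }
                  else                  { 'Deny' }

        [pscustomobject]@{
            Computer      = $_.Name
            DialIn        = $dialIn
            # Direct membership only; nested groups and the primary
            # group are not listed in MemberOf.
            InPolicyGroup = ($_.MemberOf -contains $groupDn)
        }
    }

# Accounts that do not yet meet both prerequisites.
$report |
    Where-Object { $_.DialIn -ne 'Allow' -or -not $_.InPolicyGroup } |
    Sort-Object Computer |
    Format-Table -AutoSize

# To grant dial-in access to one reviewed account (changes the directory):
#   Set-ADComputer -Identity 'LAPTOP01' -Replace @{ msNPAllowDialin = $true }
# 'LAPTOP01' is a constructed sample name.
```
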
| Feature | Scenario Requiring Computer Authentication |
|---|---|
| Active Directory computer Group Policy | Computer-based Group Policy is applied during computer start up and at timed intervals—even when no one is logged in to Windows. |
| Network logon scripts | Network logon scripts are run during initial user login. |
| Systems management agents | Systems management application agents such as those that come with Microsoft Systems Management Server (SMS) frequently need network access without user intervention. |
| Remote Desktop Connection | Computers are accessible from Windows Remote Desktop Connection when no one is logged in to Windows. |
| Shared folders | Files and folders shared from a computer are still available, even when no user is logged in. |