Greetings,
Setup:
Windows 2003 Enterprise server with IAS (Server is not a domain controller with a standalone CA)
Third party Wireless Access Point configured for external RADIUS authentication and pointing at the 2003 server
Windows XP Pro SP3 using wireless zero supplicant or Windows 7 (These PCs are not joined to any Windows domain)
Goal:
Successfully authenticate the Windows supplicants using computer certificates only. The supplicants would associate to the AP (authenticator), which would proxy the EAP exchange to the 2003 server IAS.
Questions:
1. Can this be done using the setup above? I don't want to join the supplicants to the domain. I also don't want to use user certificates so that I am not prompted with username/password during 802.1x authentication.
2. Does the Windows Server have to be a domain controller with Enterprise CA for this to work or is standalone server OK?
3. Would the Windows Supplicants request the computer certificate via the web enrollment using http://x.x.x.x/certsrv ?
4. Any good related white papers, links, tutorials, etc... ?
Thanks in advance!
Dave