H I have built a Windows 2008 R2 NPS server. We have connected a RADIUS client (WIFI AP). I specified the authentication method on the Network Policy as 'Microsoft: PEAP' with MS-CHAP-v2 and MS-CHAP.

Install the Network Policy and Access Services Role. In previous versions of Windows Server, RADIUS functionality was provided by the Internet Authenticate Service (IAS). Sep 23, 2012 Windows Server 2008 R2 - Configure RADIUS for Cisco ASA 5500 Authentication.

When a user logs onto a client PC their AD User certiciate autoenrolled into the Users personal certificate store. So far so good. All Windows 7 users can connect without any problems to the WIFI network now. No XP clients can though. Win 7 clients have the option in the WLAN Advanced Settings 'Specify Authentication Mode: User or computer authentication' enabled.

This is why they can connect successfully. XP clients do not have this option though.

I am unsure at the moment how I can get XP clients to connect using their AD user certificate Can anyone help? Many thanks in advance! Hi, After speaking with an 802.1X expert here, the type of authentication you are talking about is called bonded authentication. This is where user authentication can only be performed if computer authentication is successful first. Some vendors attempt to do this (NPS does not) but this can be a problem when a computer goes into hibernation. When a computer wakes from hibernation, it does not re-authenticate to the network, resulting in a subsequent user authentication failure.

The only way to resolve this is to reboot. Hi, I think I see what you are trying to achieve. Grand Theft Auto Liberty City Stories.iso. You wish to deny connections to any user connecting from a machine without a computer certificate, which are typcially computers not joined to the domain. The problem here is that you cannot perform both computer and user authentication together. You can do computer authentication with user reauthentication, but you can't stop user authentication from occurring if computer authentication fails. In other words, you cannot tie the two instances of authentication together. They are always separate.