It sounds like you're trying to accomplish client
authentication... yes? Remember, there are 4 methods of
authenticating the client - anonymous, basic, NT challenge-
response, and SSL.
Anonymous - all clients are simply considered
authenticated.
Basic - users attempting to gain access to the resources
enter their username/pwd in the dialog box rendered by the
browser.
NT challenge-response - authentication without requiring
actual passwords to be transmitted across the network -
the browser uses cryptography to "prove its knowledge" of
the current user's login/pwd.
SSL - based on public-key cryptography in which the user's
client certificate is used to verify identity. BINGO!
Authentication takes place when the user's private key
information is presented for authentication against the
public key information stored on the server... Do you
have the user's key information installed on the server, and
does the session know where to find it?
Also, the advantage of this method is that you do not need
to set up individual accounts for each user attempting
access - multiple certificates can be mapped to one
account. Check account association also.
Hope this helps...
>-----Original Message-----
>I have set up an RRAS VPN server and it works for PPTP
>connections. I set up Certificate Services for L2TP
>connections. I have issued certificates for the server
>and the remote user. I get errors that state the client
>does not have a valid certificate and also that the
>server certificate is invalid as well. I used the MS
>white papers to alter the connection to use a shared
>secret for L2TP and that works. For some reason the
>certificates will not. My CA is an Enterprise Root and I
>have checked to make sure that it is in the Cert
>Publishers security group and that it is listed in
>Directory Services as a CA.
>
>Any ideas?
>
>-Richard
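As an added example (not from either poster), here is the kind of PowerShell check that narrows down a "client/server certificate is not valid" error on an L2TP/IPsec endpoint: it lists the certificates in the machine store, confirms each has a private key and the usual authentication EKUs, and builds the chain to a trusted root. It assumes Windows PowerShell with the built-in Cert: provider, run on the RRAS server or the remote client; the EKU OIDs are the standard values, not something from this thread.

```powershell
# Added example: audit machine certificates for use with L2TP/IPsec.
# Assumes Windows PowerShell with the Cert: provider (built in).

# Standard EKU OIDs (well-known values, not taken from the original thread)
$ekuClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$ekuServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ekuIpsecIke   = '1.3.6.1.5.5.8.2.2'   # IP security IKE intermediate

function Test-IpsecCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs present on the certificate (empty if no EKU extension).
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })

    # Build the chain against this machine's trusted roots, checking revocation online.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($Cert)
    $statusText = 'OK'
    if (-not $chainOk) {
        $statusText = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey
        ClientAuth    = ($ekus -contains $ekuClientAuth)
        ServerAuth    = ($ekus -contains $ekuServerAuth)
        IpsecIke      = ($ekus -contains $ekuIpsecIke)
        ChainValid    = $chainOk
        ChainStatus   = $statusText
    }
}

# Report every certificate in the local machine's Personal store. IKE selects
# its certificate from this store, so a certificate enrolled only into the
# current user's store will not be offered for the L2TP/IPsec connection.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-IpsecCertificate -Cert $_ } |
    Format-Table -AutoSize
```

A row with HasPrivateKey false, an expired NotAfter, or a ChainStatus other than OK on either side of the tunnel is the usual reason the "certificate is invalid" errors in the question appear while the shared-secret configuration still works.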