We are deploying EAP-TLS on NPS to require both a user and a computer certificate to connect to our wireless network. My question is, if a user that doesn’t already have a user certificate and logs onto a laptop while it is wireless, will the computer certificate alone allow the user to authenticate to the domain and auto-enroll for the user certificate (assuming they have the appropriate permissions applied.) Or since both a user and a computer certificate are required for the wireless network, will that user be required to plug in the laptop to a wired connection first before they would be able to connect to the domain and obtain the certificate? Is this configurable?
↧