General discussion


digit certs

By ptrainor ·
situation - bursar/finance executive now using HSBC online banking that uses smart card and digital cert.

problem - only when logged on as enterrpise admin does it work, even domain admin cannot access card and site. all users have same interent permissions so think the trouble is with staff gpo.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to digit certs

Believe the problem is in the user's remote access authentication requirements.

What you haven't said was what is used for authentication on the server side? a RADIUS server, ISA server? if a RADIUS server does the RADIUS server query AD for user rights? what connection type is required to allow Smart Card EAP with pin? Is the remote access policies configured for EAP Smart card and Pin?

Then you haven't said what the GPO does if anything for Smart Card EAP and pin authentication.

Need more information

Collapse -

by CG IT In reply to

Enterprise admins have virtually access to everything in a multi-forest/domain/site environment.

here is one of quite a # of possibilities surrounding the use of smart cards in a Windows 2003 environment.

Collapse -

by ptrainor In reply to digit certs

Thank you. Certs are new to me. Single domain. We now use a Linux box as proxy ( before used isa 2000) and only rule on proxy is filtering by "blacklist" categories that applies to all users incl enterprise admin.
On AD the only policy says allow certs if in AD.

Related Discussions

Related Forums