khurram

Hello Everyone, I am using 802.1x client on windows XP using user certificates based to get authenticated from the Radius server using EAP-TLS. My problem is that I want to use more than one user certificates on the client and if the user choses certificate 1, he is authenticated to VLAN 1 by the radius server and if he choses certificate 2, he is assigned VLAN 2 by Radius server. The certificates are installed in the Current User certificate store. Now the problem here is that when you get authenticated for the first time using 802.1x EAP-TLS method, windows asks you to select the desired certificate and based on the chosen certificate, you are authenticated. After this, it does not ask you again when you try to get authenticated again and automatically uses the certificate that you chosed at the first selection In case you want to get authenticated to VLAN 2 using certificate no. 2, you need to go in mmc and delete the first certificate manually and then start the authentication process. I wonder if this can be done using some registry file similar to PEAP. For PEAP, windows caches the username and password in the following registry location [HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo] and you can over ride this file and windows will prompt for the username and password again. I wonder if similar can be done for EAP-TLS certificates as well. I will appreciate any pointers regarding this. Khurram

thanks alot for replying again clutch. actually i want to make things easier for the end user .. and in case of devcon, they have to install a tool and then u can run the batch file containing commands to disbale or enable the lan .. i wonder if there is any other way in windows XP and 2000 that user is prompted by 802.1x client to login the username and password useing PEAP ... i could trigger that login only when I take out the cable from LAN or when I disable it and then enable it again .. regards khurram

Hi clutch Thanks for your reply. I tried this command netsh interface set interface name="Local Area Connection" admin=ENABLED But I get the following message One or more essential parameters not specified The syntax supplied for this command is not valid. Check help for correct syntax. But if I try the following command, it works and the name of the interface is changed, netsh interface set interface name="Local Area Connection" newname=LAN1 There is one more thing that it says in the help, admin - whether the interface should be enabled <non-LAN only>. But for newname it says, newname - new name for the interface <LAN only> I wonder does it mean that I can disable or enable only the logical interfaces and not the physical ones and can change the name for physical ones (as it worked for me) Thanks again for your help and time. I highly appreciate this. Khurram [Edited by khurram on 2004-10-20 06:05:37]

Hi, I tried netsh and netsh interface but I could not find any command in that which disables or enables a specific interface. Mostly the commands are to set the parameters for an interface.

Hello Everyone, I want to disable and enable the wired connection (ethernet adapter) in my laptop though command prompt. I am trying to use PEAP using windows XP 802.1x client for user authentication and in some cases, the user will like to enter a different username and password. The 802.1x client in windows prompts for the username and password only when you take out the cable or disable and enable the ethernet connection. So if anyone can tell me how can i disable and enable a specific interface in windows xp using the command line interface, I will be greatful. Regards Khurram