Windows EAP-TEAP Client Setup

Prerequisites

  • Windows 10/11 or Windows Server 2016+

  • Machine certificate (for cert-based auth)

  • Network policy configured via GPO or manually

Group Policy Configuration

Wired Network Policy

  1. Open Group Policy Management

  2. Navigate to: Computer Configuration > Policies > Windows Settings > Security Settings > Wired Network (IEEE 802.3) Policies

  3. Create a new policy or edit an existing one

Authentication Settings

Enable IEEE 802.1X authentication: Yes
Authentication Method: Microsoft: EAP-TEAP

EAP-TEAP Properties:
  - Enable Identity Privacy: Yes
  - Connect to these servers: ise-01.inside.domusdigitalis.dev
  - Trusted Root CAs: DOMUS-ROOT-CA

  Inner Methods:
    Primary: Smart card or certificate
    Secondary: Secured password (EAP-MSCHAPv2)

  EAP Chaining: Machine and user authentication

Manual Configuration

For non-domain devices:

  1. Open Settings > Network & Internet > Ethernet

  2. Click adapter > Properties

  3. Enable IEEE 802.1X authentication

  4. Settings:

    • Method: EAP-TEAP

    • Server: ise-01.inside.domusdigitalis.dev

    • Trusted CA: DOMUS-ROOT-CA

Certificate Deployment

Deploy the machine certificate via:

  • Auto-enrollment GPO (domain-joined)

  • Manual import (standalone)

  • SCEP/NDES (MDM-managed)

Troubleshooting

Event Viewer

Check Windows event logs:

Applications and Services Logs > Microsoft > Windows > Wired-AutoConfig > Operational

Common Issues

  • Certificate not found: Check machine store

  • Server not trusted: Import DOMUS-ROOT-CA

  • Authentication timeout: Check network connectivity
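
The checks above can be scripted on the client from an elevated PowerShell prompt. This is an added example, not part of the original guide; it assumes the root CA's subject CN is DOMUS-ROOT-CA (the name used on this page), and the function names are hypothetical.

```powershell
# Added example: local checks for the "Common Issues" list.
# Assumption: the root CA certificate's subject CN equals the name used on this page.
$RootCaName    = 'DOMUS-ROOT-CA'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$LogName       = 'Microsoft-Windows-Wired-AutoConfig/Operational'

function Get-TeapMachineCert {
    # "Certificate not found": list machine-store certificates usable for client auth:
    # private key present, inside validity period, Client Authentication EKU (or no EKU limit).
    $now = Get-Date
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.EnhancedKeyUsageList.Count -eq 0 -or
         $_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid)
    }
}

function Test-TeapRootTrusted {
    # "Server not trusted": is the root CA in the machine's Trusted Root store?
    $pattern = 'CN=' + [regex]::Escape($RootCaName) + '(,|$)'
    [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match $pattern })
}

function Get-WiredAutoConfigProblem {
    # Errors (level 2) and warnings (level 3) from the Wired-AutoConfig operational log.
    param([int]$Hours = 24)
    $filter = @{ LogName = $LogName; Level = 2, 3; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

$certs = @(Get-TeapMachineCert)
[pscustomobject]@{
    # dot3svc is the Wired AutoConfig service; wired 802.1X needs it running.
    WiredAutoConfigService = (Get-Service -Name dot3svc).Status
    UsableMachineCerts     = $certs.Count
    EarliestCertExpiry     = ($certs | Sort-Object NotAfter | Select-Object -First 1).NotAfter
    RootCaTrusted          = Test-TeapRootTrusted
} | Format-List

Get-WiredAutoConfigProblem | Format-Table -AutoSize -Wrap
```

A result of zero usable machine certificates or RootCaTrusted = False corresponds to the first two issues in the list; the event table gives the timestamps and messages to compare against the authentication server's logs.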