IPSEC L2TP - with computer certificates from Win PKI and RADIUS

Hi everyone,

I want the possibility that users can access one of our Active Directory Servers before they can log in.

We have about 80% remote workers and every time someone forgets their password it's a hell of work to get them "back on the horse".

Normally we use the SSL VPN client to connect to our network. But this is not compatible with "pre login" VPN (no, I don't want to write the password in the conf file).

And at the moment I do not want to roll out "AlwaysON VPN".

So I thought that I could leverage the fact that every computer has its own computer certificate and authenticate with this. Is this even possible?

I've read many tutorials, but when they use RADIUS they use username/password, and if they use a certificate they use "local" authentication.

Best regards

Stephan