802.1x machine authentication without directory
- From: michael.owen <michael.owen@xxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 15:15:19 -0600
Hi all,
I've been looking into a small-scale 802.1x rollout, and have encountered
something of a problem. The systems on the network I'd be NAC-ing are XP
boxes which are members of an NT4 domain, with all users authenticated at the
domain level. (No local accounts are typically used.) I was hoping to use
machine authentication, but it seems as though most RADIUS servers only
support machine auth when they have a directory (typically AD) to confirm the
membership of the supplicants. (This certainly appears to be the case with ACS,
and Steel-Belted Radius as well, from what I can tell from the documentation.)
Obviously, I don't have an AD for these systems, despite having a PKI. (Possibly
an unusual situation.) Does anyone know of a RADIUS server or NAC product that
will support machine authentication without a domain to refer to? I see the
benefits of the directory query, but it's just not an option for this particular
situation.
(I'm more than happy to look at solutions outside the Windows 802.1x support if
they work!)
Cheers for any advice,
Michael