Re: 802.1x machine authentication without directory

---

• From: comphelp@xxxxxxxxx (Todd H.)
• Date: 30 Oct 2006 16:36:04 -0600

---

michael.owen <michael.owen@xxxxxxxxxxxx> writes:

Hi all,

I've been looking into a small-scale 802.1x rollout, and have encountered
something of a problem. The systems on the network I'd be NAC-ing are XP
boxes which are members of an NT4 domain, with all users authenticated at the
domain level. (No local accounts are typically used.) I was hoping to use
machine authentication, but it seems as though most RADIUS servers only
support machine auth when they have a directory (typically AD) to confirm the
membership of the supplicants. (This certainly appears to be the case with ACS,
and Steel-Belted radius as well, from what I can tell from the documentation.)

Obviously, I don't have an AD for these systems, despite having a PKI. (Possibly
an unusual situation.) Does anyone know of a RADIUS server or NAC product that
will support machine authentication without a domain to refer to? I see the
benefits of the directory query, but it's just not an option for this particular
situation.

(I'm more than happy to look at solutions outside the windows 802.1x support if
they work!)

Cheers for any advice,
Michael

If I have this straight, your only central username/password via an
NT4 domain controller? And you'd like users to be able use those
credentials to auth to your wireless network?

Just trying to make sure we understand what you have to auth against.

--
Todd H.
http://www.toddh.net/
.

---

• Follow-Ups:
  • Re: 802.1x machine authentication without directory
    • From: Michael Owen

• References:
  • 802.1x machine authentication without directory
    • From: michael . owen

• Prev by Date: 802.1x machine authentication without directory
• Next by Date: Re: 802.1x machine authentication without directory
• Previous by thread: 802.1x machine authentication without directory
• Next by thread: Re: 802.1x machine authentication without directory
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Couple of issues ... As for the group policy goes on nt4 domain, ... As for the internet explorer access, ... >> I have a network of around 50 users and when I log into ... (microsoft.public.win2000.security) Re: Hide Domain ... "Kerry" wrote in message ... Is there a way to hide the NT4 domain from ... the network places so that staff will not see it when they go into network ... (microsoft.public.windows.server.active_directory) NT4 to Active Directory Domain/Site Migration ... I am performing a NT4 domain consolidation into an existing domain ... to our own office and taking over network administration. ... If a user logins in it should have the same profile ... (microsoft.public.win2000.active_directory) Server Manager - Computer Descriptions ... I have a Win2k Native Mode AD Domain and one thing that ... really bothers me is when I go to browse network ... a former NT4 domain and I came from a NT4 domain and I ... really like server manager and the ease of use of the NT4 ... (microsoft.public.win2000.general) Re: Can Mac os x authenticate to windows 2003 domain ... what I'd like to do is to auth our OSX 10.3.3 /10.3.4 ... macs to our current NT4 domain. ... Will I then need to auth against LDAP? ... (microsoft.public.win2000.macintosh)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)