Re: Remote Desktop to a machine that is 802.1x authenticated (wire


I am interested in IEEE 802.1x standard based behavior for this case.
User authentication is something which I don't want to compromise with.
I would prefer having both types of authentication (computer/user).

To my knowledge, when we boot windows machine, first machine authentication
happens and then user authentication.
Can't we have similar behavior for remote desktop as well?

If it is a known issue, I am ok with it. Just that I found the issue to be
known on Microsoft's site for wireless case, I wanted to confirm if the same
is true for wired case.

I would appreciate if I get to know more details on the problem, if any.




"S. Pidgorny <MVP>" wrote:

What if you disable re-authentication with user credentials and use
machine-only authentication?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Ganesh Jaju" <Ganesh Jaju@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:900CD001-AA1C-4FCF-A708-260F6AEFBEFF@xxxxxxxxxxxxxxxx

When I do a remote desktop to machine that is 802.1x authenticated by an
user, machine authentication begins leading to logout of earlier logged in
user. Due to some reason the machine is not able to logged in leading to
blocking of port .

I am using IAS on Widows 2000 server as Radius server. I have a Windows XP
machine as my endhost which is to be authenticated and the configured
authentication type for 802.1x authentication on my machine is
PEAP-MS-CHAP
v2. And Nevis Switch acts as authenticator.

I could find such an issue reported on Microsoft's site but it is for
wireless case.
Check the same at :-
http://www.microsoft.com/technet/network/wifi/wififaq.mspx
In Microsoft's words:-

Q. Do Remote Desktop connections work to Windows wireless clients that use
802.1X authentication?

A. Not at this time. All 802.1X-based wireless connections are affected,
including those using EAP-TLS or PEAP-MS-CHAP v2. Connections using a
static
WEP key or WPA-PSK are not affected. Microsoft has addressed this issue in
Windows Vista and Windows Server "Longhorn."

So is the issue valid for wired networks as well (I feel wired/wireless
should not be an issue as supplicant behavior would be the same)?
If the issue if known, is there or will there be any hotfix to avoid this
behavior for Windows-XP ?
If so, I would like to know to what all Windows OS it affects.





.

Relevant Pages

  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.inetserver.iis.security)
  • RE: Wireless Security Notes and Findings (from this list and other places)
    ... There are two general areas of wireless security: Authentication and ... authentication standard that works with wireless networks. ... client computer runs a client program to connect to the network with a ...
    (Security-Basics)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)