802.1x port authentication problem
- From: "TonyB" <tony.barrett@xxxxxxxxxx>
- Date: Wed, 11 Oct 2006 11:11:32 +0100
I am looking at the possibility of securing computer connections to our network
here using 802.1x authentication with RADIUS.
Our wired network switches support this, and the backend auth will be Win2k3
with IAS (RADIUS). I have already set this type of connection up with
wireless, but I want to extend this to wired.
The problem I'm having is that when using certs (from our local CA)
assigned to the user account (and mapped in A/D), the 802.1x auth only takes
place *after* the user has logged on, and the switch port is not unblocked
until this time. This does work, but means that the group policies do not
apply (because the switch port is still blocked at this time) and the user
always has to log on with cached credentials. Also, this type of setup
prevents new users logging onto a machine (who don't have a local profile)
which causes other problems.
Ideally I would like to authenticate the computer using 802.1x (and not the
user). This should ensure that the authentication phase takes place earlier,
the policies apply, and the user can log on as normal.
Is this possible using Windows (2000/XP)? I can't seem to map a computer
certificate to a computer object in A/D. Does anyone have any
recommendations?
Thanks