08-12-2007 08:07 AM - edited 03-05-2019 05:51 PM
Hi all,
I have several VLANs which have to access my domain controller and Active Directory to get authentication and scripts. There is a problem with getting the scripts. How can I define an ACL which would allow them to only get the scripts?
08-13-2007 05:29 AM
Hi,
For this you need to set up machine authentication on the network (RADIUS).
Q. What is machine authentication and how does Cisco Secure ACS support it today?
A. Machine authentication is used at boot time to authenticate and communicate with Windows domain controllers to pull down machine group policies independently of an interactive user authentication session. Cisco Secure ACS provides a mechanism to allow machine authentication on an 802.1X port before a user session is initiated. This is done by communicating the machine name with or without a valid certificate (depending on the EAP method used) to the Cisco Secure ACS server for machine identity verification. Cisco Secure ACS version 3.2 supports machine authentication using either EAP-TLS or PEAP-EAP-MSCHAPv2 against Windows Active Directory.
Hope that helps
Regards,
~JG
Please rate helpful posts
08-13-2007 06:39 AM
Why do you need machine authentication??? I think the question simply asks what ACEs you need to allow client machines in the particular network to execute scripts from the domain controller.