802.1x, Machine Authentication, Active Directory and eDirectory

Unanswered Question
Aug 19th, 2008

Does anyone think this is feasible as a solution...

Problem Definition.

1) Machines all use the NetWare client and authenticate to eDirectory initially, then to AD.

2) I want to use ACS, not FreeRADIUS.

3) I don't want to use a 3rd party supplicant.

Possible solution...

Does anyone think it might be possible to authenticate a machine using a certificate into AD before the user logs in using the NetWare client? My thinking being this... the user (or machine in this case) will have already been identified as trusted (through AD) and will be connected to the network when the user submits their NetWare credentials. This would mean that NetWare could be left out of the 802.1x process completely and yet the user would still get a single sign-on experience.

rhodrijenkins Tue, 09/02/2008 - 04:09

I'm about to test this. I'll keep you posted. Fingers crossed!

rhodrijenkins Thu, 12/04/2008 - 09:12

I did. Basically the scenario I described in the original post worked.

The only caveat is that user auth still occurs through 802.1x once you submit the user credentials. There are registry hacks which disable this if you solely want to use machine auth.

Hope this helps.

