08-19-2008 07:53 AM - edited 07-03-2021 04:20 PM
Does anyone think this is feasible as a solution...
Problem Definition.
1) Machines all use the NetWare client and authenticate to eDirectory initially, then to AD.
2) I want to use ACS, not Free Radius.
3) I don't want to use a 3rd party supplicant.
Possible solution...
Does anyone think it might be possible to authenticate a machine using a certificate into AD before the user logs in using the NetWare client? My thinking being this... the user (or machine in this case) will have already been identified as trusted (through AD), and will be connected to the network when the user submits their NetWare credentials. This would mean that NetWare could be left out of the 802.1x process completely and yet the user would still get a single sign-on experience.
08-25-2008 08:31 AM
This should work.
09-02-2008 04:09 AM
I'm about to test this. I'll keep you posted. Fingers crossed!
11-24-2008 10:43 AM
Did you ever get this to work? I'm trying to get something similar to work.
Thank you
12-04-2008 09:12 AM
I did. Basically the scenario I described in the original post worked.
The only caveat is that user auth still occurs through 802.1x once you submit the user credentials. There are registry hacks which disable this if you solely want to use machine auth.
Hope this helps.