Re: Getting scripts

mmohanni1981 · ‎08-12-2007

hi all,

i have several vlans which have to access my domain controller and active directory to get authentication and scripts, there is a problem with getting the scripts. how can i define an ACL which would allow them to only get the scripts.

Jagdeep Gambhir · ‎08-13-2007

Hi,

For this you need to set up machine authentication on the network (Radius).

Q. What is machine authentication and how does Cisco Secure ACS support it today?

A. Machine authentication is used at boot time to authenticate and communicate with Windows domain controllers to pull down machine group policies independently of an interactive user authentication session. Cisco Secure ACS provides a mechanism to allow machine authentication on an 802.1X port before a user session is initiated. This is done by communicating the machine name with or without a valid certificate (depending on the EAP method used) to the Cisco Secure ACS server for machine identity verification. Cisco Secure ACS version 3.2 supports machine authentication using either EAP-TLS or

PEAP-EAP-MSCHAPv2 against Windows Active Directory.

Hope that helps

Regards,

~JG

Please rate helpful posts

griffijo · ‎08-13-2007

Why do you need machine authentication??? I think the question simply asks what ACE's do you need to allow client machines in the particular network to execute scripts from the domain controller.