Cisco Support Community
Community Member

802.1x, Machine Authentication, Active Directory and eDirectory

Does anyone think this is feasible as a solution...

Problem Definition.

1) Machines all use the NetWare client and authenticate to eDirectory initially, then to AD.

2) I want to use ACS, not FreeRADIUS.

3) I don't want to use a 3rd party supplicant.

Possible solution...

Does anyone think it might be possible to authenticate a machine using a certificate into AD before the user logs in using the NetWare client? My thinking being this... the user (or machine in this case) will have already been identified as trusted (through AD), and will be connected to the network when the user submits their NetWare credentials. This would mean that NetWare could be left out of the 802.1x process completely and yet the user would still get a single sign-on experience.

4 REPLIES
Cisco Employee

Re: 802.1x, Machine Authentication, Active Directory and eDirect

This should work.

Community Member

Re: 802.1x, Machine Authentication, Active Directory and eDirect

I'm about to test this. I'll keep you posted. Fingers crossed!

Community Member

Re: 802.1x, Machine Authentication, Active Directory and eDirect

Did you ever get this to work? I'm trying to get something similar to work.

Thank you

Community Member

Re: 802.1x, Machine Authentication, Active Directory and eDirect

I did. Basically the scenario I described in the original post worked.

The only caveat is that user auth still occurs through 802.1x once you submit the user credentials. There are registry hacks which disable this if you solely want to use machine auth.

Hope this helps.
