windows 2003: validation/authentication(802.1x)
From: davide (davide_at_yahoo.com)
Date: 03/29/04
- Next message: Corey Arndt: "MAC Address Control"
- Previous message: Linux Penguin: "IAS and Wireless"
- Next in thread: Ashwin Palekar \(MS\): "Re: windows 2003: validation/authentication(802.1x)"
- Reply: Ashwin Palekar \(MS\): "Re: windows 2003: validation/authentication(802.1x)"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 29 Mar 2004 14:38:51 +0200
We are testing an Active Directory domain with authentication 802.1x using
certificates (x.509) on smartcard.
- the domain is served from Windows Server 2003 whith DHCP, DNS, root CA
- for the 802.1x authentication we have:
supplicant: windows xp sp1
authenticator: switch Cisco 2950 (enhanced image)
autentication server: service IAS on Windows 2003
We configured autoenrollement of certificates to smart card.
We configured the windows login on smart card.
We configured eap/tls on smart card
Results
At the moment of the domain validation it comes demanded the PIN; once
inserted, the user reach the domain. In this moment the PC is still in the
"guest Vlan". After some second, a windows from the systray is opened; to
this point the breaking in of the PIN comes demanded an other time, the
certificate on the smart card comes verified and the authentication 802.1x
goes to good aim. Now the PC is placed on the Vlan configured in the policy
attribute on the server Radius (IAS).
Our objective is that the user having a single step for the validation in
the domain that for the authentication 802.1x.
It's possible?
My english is not so good...
Thanks
Davide
- Next message: Corey Arndt: "MAC Address Control"
- Previous message: Linux Penguin: "IAS and Wireless"
- Next in thread: Ashwin Palekar \(MS\): "Re: windows 2003: validation/authentication(802.1x)"
- Reply: Ashwin Palekar \(MS\): "Re: windows 2003: validation/authentication(802.1x)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
