Re: 802.1x with non cached password and profile


From: Mark Gamache (mark.gamache_at_css-security.com.nospam)
Date: 02/18/05


Date: Fri, 18 Feb 2005 09:02:39 -0800

If I am reading your question correctly, you are saying that machine
accounts aren't authenticating via 802.1X.

If this is the case, I'd check your RADIUS logs for failures. Are the
machine accounts in a group that you have granted access with your remote
access policy?

Cheers,

-- 
Mark Gamache
Certified Security Solutions
http://www.css-security.com
<va66stang@yahoo.com> wrote in message 
news:1108732605.826900.238510@z14g2000cwz.googlegroups.com...
> We are in the process of testing 802.1x authentication on our network.
> For a little background.  We are using Cisco network switches, with a
> Cisco ACS server with passthrough authentication to a Server 2003 AD
> Domain.  We have been able to successfully authenticate and access the
> network as well as dynamically assigning VLANs based on group
> membership.  The problem is it only works from a workstation that has a
> cached password and profile for the user that is logging in.  If the
> workstation does not have a cached password, authentication fails with
> an error that a domain controller is not available.  Has anyone else
> run into this and is there a workaround?  It appears that the
> credentials are not being passed from the Microsoft client to the
> 802.1x client until the MS client successfully authenticates.  Any help
> would be appreciated.  Thanks
> 

