Enhancing IAS with extension DLLs
- From: "Thomas K" <thomas@xxxxxxxxx>
- Date: Thu, 11 Aug 2005 14:37:59 +0200
Dear,
Would it be possible, with an extension DLL for IAS (or something else?), to
make sure that the VLAN that IAS will send for an 802.1x user authentication
will always match the VLAN that IAS sent for the 802.1x machine
authentication so we do not break the secure channel?
Context: IEEE 802.1x authentication
Goal: Link 802.1x machine authentication with 802.1x user authentication
Current Situation: IAS does not link 802.1x machine authentication with
802.1x user authentication
Problem: This is the problematic scenario:
- If a machine authenticates using 802.1x & RADIUS configures the switchport
in VLAN_X
- If then a user authenticates using 802.1x & RADIUS configures the
switchport in VLAN_Y, then the secure channel is broken & all sorts of
problems occur (no roaming profile, no GPOs, ...)
Challenge: IAS would have to know a common element to link 802.1x machine
authentication & 802.1x user authentication... we could use the
workstation's MAC address for this (IAS would have to learn it dynamically)
which is present in the RADIUS messages for both 802.1x machine
authentication & 802.1x user authentication.
What do you think?
Regards,
/Thomas
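
The linking logic proposed in the post, as an added example that is not part of the original message and not IAS code: a MAC-keyed cache that remembers the VLAN from machine authentication and reuses it for the later user authentication. The names `resolve_vlan`, `normalize_mac` and `ENTRY_TTL` are hypothetical; it assumes the MAC arrives in Calling-Station-Id and that machine logons use a `host/` user name, and it does not show the wiring into the IAS extension interface.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_ENTRIES 256
#define ENTRY_TTL   (8 * 60 * 60)  /* assumed lifetime of a machine entry, in seconds */

struct entry { char mac[13]; int vlan; time_t seen; };
static struct entry table[MAX_ENTRIES];

/* Reduce "00-11-22-AA-BB-CC", "0011.22aa.bbcc" etc. to 12 upper-case hex digits. */
static int normalize_mac(const char *in, char out[13]) {
    int n = 0;
    for (; *in; in++) {
        if (isxdigit((unsigned char)*in)) {
            if (n == 12) return -1;               /* too many digits */
            out[n++] = (char)toupper((unsigned char)*in);
        } else if (!strchr("-:. ", *in)) return -1; /* unexpected character */
    }
    out[n] = '\0';
    return n == 12 ? 0 : -1;
}

/* Returns the VLAN to put in the Access-Accept. policy_vlan is what the
 * matching remote access policy would have assigned on its own. */
int resolve_vlan(const char *user, const char *calling_station_id,
                 int policy_vlan, time_t now) {
    char mac[13];
    struct entry *hit = NULL, *spare = NULL;
    if (normalize_mac(calling_station_id, mac) != 0) return policy_vlan;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        struct entry *e = &table[i];
        int live = e->mac[0] && now - e->seen <= ENTRY_TTL;
        if (live && strcmp(e->mac, mac) == 0) hit = e;
        else if (!live && !spare) spare = e;      /* empty or expired slot */
    }
    if (strncmp(user, "host/", 5) == 0) {         /* machine authentication */
        struct entry *e = hit ? hit : spare;
        if (e) { memcpy(e->mac, mac, 13); e->vlan = policy_vlan; e->seen = now; }
        return policy_vlan;
    }
    return hit ? hit->vlan : policy_vlan;         /* user authentication */
}

int main(void) {                                  /* constructed sample requests */
    printf("machine: %d\n", resolve_vlan("host/pc01.example.test", "00-11-22-AA-BB-CC", 10, 1000));
    printf("user:    %d\n", resolve_vlan("EXAMPLE\\alice", "0011.22aa.bbcc", 20, 1060));
    return 0;
}
```

Calling-Station-Id is the MAC as reported by the switch and is not bound to the machine credential, so the expiry keeps a stale or reused MAC from pinning a port to an old VLAN indefinitely.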