802.1x howto ias computer only authentication
- From: "msnews.microsoft.com" <mmartens@xxxxxxxxxx>
- Date: Mon, 6 Nov 2006 15:40:40 +0100
Hi,
I've been searching thourgh this newsgroup and internet but i'm not able to
find a how to about configureing ias for a computer only authentication for
VLAN's.
I've also read the Wired_depl.doc and ias_vlans.doc but still no good.
User authentication based on certificates works ok but thats not what we
want because then no Login scripts an Group Policies are comming with the
login.
So we would like to do it based on machine authentication (yes the box is
checked of: authenticate as computer.....) so ik authenticates before loggin
in.
Any ideas on how to get this done?
Autoenrolment works fine and all machine's in the domain get a correct
Certificate including the Subject Alternative Name (DNS
Name=ENH-PC-075.WPS.Corp )
All machine's in the domain are 2003 and domain level is raised.
I tried to use a group "wiredusers" even tried making my pc a member of the
group but that doesn't seen to work.
here is a bit out of my ias log: there you can see that machine is not
working because of the host/.... and that he regocnizes the user.:
Mon Nov 06 12:15:16 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811716
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:15:16 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811716
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:15:31 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811731
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:15:31 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811731
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:15:46 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811746
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:15:46 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162811746
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:25:46 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812346
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:25:46 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812346
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:26:01 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812361
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:26:01 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812361
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:26:16 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812376
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 12:26:16 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162812376
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:43:57 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817037
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:43:57 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817037
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:44:12 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817052
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:44:12 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817052
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:44:27 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817067
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:44:27 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817067
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:45:30 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817130
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:45:30 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817130
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:45:45 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817145
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:45:45 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817145
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:46:00 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817160
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:46:00 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817160
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:47:12 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817232
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:47:12 2006
User-Name = "host/ENH-PC-075.WPS.Corp"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817232
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:53:01 2006
User-Name = "adm.marmar@xxxxxxxx"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817581
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:53:01 2006
User-Name = "adm.marmar@xxxxxxxx"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817581
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:54:10 2006
User-Name = "adm.marmar@xxxxxxxx"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817650
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Mon Nov 06 13:54:10 2006
User-Name = "adm.marmar@xxxxxxxx"
Called-Station-ID = 00-17-59-38-3C-01
Calling-Station-ID = 00-13-72-29-EC-30
NAS-IP-Address = 10.180.164.28
NAS-Port = 50001
Timestamp = 1162817650
NAS-Port-Type = 15
Service-Type = 2
Acct-Status-Type =
Acct-Session-ID =
Thanks in advance,
Marcel
.
- Follow-Ups:
- Re: 802.1x howto ias computer only authentication
- From: James McIllece [MS]
- Re: 802.1x howto ias computer only authentication
- Prev by Date: Re: Remotely debugging IAS extensions
- Next by Date: Re: 802.1x howto ias computer only authentication
- Previous by thread: Event ID 1054 when accessing domain via 802.1x connection
- Next by thread: Re: 802.1x howto ias computer only authentication
- Index(es):
Relevant Pages
|
