A network access service contains the authentication policy conditions for requests. You can create separate network access services for different use cases, for example, Wired 802.1X, Wired MAB, and so on. To create a network access service, configure allowed protocols or server sequences.

Now open the Network tab, select your Ethernet interface, press the Advanced button, and open the 802.1X tab. Select the entry 'Wi-Fi', turn 'Enable automatic connection' on, and press OK. This brings up the dialog to select the certificate.

Hello,

My client supplicants are Windows XP and configured to authenticate as computer when computer information is available. The supplicants are using WPA2-AES with 802.1x PEAP-MSCHAPv2. The Aruba Controller is not configured to enforce Machine Authentication (i.e. Enforce Machine Authentication is Disabled). Microsoft NPS is used as the RADIUS server. NPS communicates with Active Directory where the user and machine credentials reside.

With this configuration, authentication using machine credentials works fine for several weeks, then the XP supplicants begin to fail 802.1x machine authentication (as a domain computer). Connecting these machines to the network via their wired Ethernet ports and logging into the domain seems to do something to these machines so that we can log out, disconnect the wired Ethernet connection, enable the wireless NIC and once again 802.1X authenticate at both the machine and user level.

At first I thought the issue had to do with the 'Machine Authentication Cache Timeout' setting in the 802.1X authentication profile, so we set the timeout to its maximum of 41 days. These same XP machines are still failing after several weeks. Has anyone encountered this problem before or have any suggestions?

Thanks, John.
The topology is:

- (2) redundant 3600 masters
- (4) 3600 LMS
- (1) 4600 N+1 backup LMS for any of the LMS 1-4
- (408) AP-105 throughout (22) buildings
- SSID is using 802.1x authentication and we are doing both machine (computer) and user authentication.
- Active Directory servers as well as NPS are located at the core of the network where all the Aruba 3600's are located

Wireless laptop running XP boots up, authenticates as a machine (computer) and is sitting at the login prompt. Domain user logs into the laptop and authenticates and, if successful, gets placed in the 'authenticated' role. This all works for a period of time, maybe 2-3 weeks, then for some reason the laptop can no longer authenticate as a machine (computer). Since the laptop can't authenticate, it doesn't receive a DHCP address, so users cannot log into the laptop either. Customer connects the laptop into a wired network port, laptop obtains a DHCP address, user successfully logs in. Laptop can now authenticate once again on the wireless network as a machine (computer) and users can log in.

I've deployed many 802.1x authenticated networks this very same way but never run across this situation. Hope this helps clarify the behavior we're seeing.

Thanks, John.

Okay, there is something wrong here. As far as I know, you cannot authenticate a machine unless you are using enforce machine authentication. When you are using EAP PEAP, the NPS is just authenticating user and password. That's it, nothing else.