Security

Reply
MVP
Posts: 2,925
Registered: ‎10-25-2011

Machine and User Authentication

[ Edited ]

Hello Collin

Question regarding this

 

If i got machine enforment on and also  EAP PEAP to athenticate with user and password

 

I got it set up like this

 

When you authenticate with the correct machine you  actually get an ip address but you get a deny all role

When you authenticate the user then you get a derived role which got the real access.

 

Now as i got it, it will affect the users that needs to change to a new password? i mean when they have a group policy  which tell you, that you need to change the password every X time?

 

I did it this way because i want that it needed to pass both authentcation before having any access to the network.

 

But it seems it will give me trouble...

 

If im correct in what i thing

 

To correct it what do you recommend?

I was thinking in maybe that when it pass the machine authentication  it give you just the privileged to change the pasword... maybe just opening the ports that its needed for this agains the active directory ip address

 

Or do you suggest another aproach?

 

Thanks in advance

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: Machine and User Authentication

I agree :)

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: Machine and User Authentication


NightShade1 wrote:

Hello Collin

Question regarding this

 

If i got machine enforment on and also  EAP PEAP to athenticate with user and password

 

I got it set up like this

 

When you authenticate with the correct machine you  actually get an ip address but you get a deny all role

When you authenticate the user then you get a derived role which got the real access.

 

Now as i got it, it will affect the users that needs to change to a new password? i mean when they have a group policy  which tell you, that you need to change the password every X time?

 

I did it this way because i want that it needed to pass both authentcation before having any access to the network.

 

But it seems it will give me trouble...

 

If im correct in what i thing

 

To correct it what do you recommend?

I was thinking in maybe that when it pass the machine authentication  it give you just the privileged to change the pasword... maybe just opening the ports that its needed for this agains the active directory ip address

 

Or do you suggest another aproach?

 

Thanks in advance

 

Cheers

Carlos


You need to pass machine authentication before you do anything.  Correct.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: