Security

Hi again,

I try to configure my server 2008 to do MAC authentification ... I also use this server as logon server with mschap, this works great.

My question is: can i use my radius server to do mac authentification and logon?

I want to get the MAC-adresses out of my active directory...  is this possible?

Thanks!

Please try this technet article here:  

http://blogs.technet.com/nap/archive/2006/09/08/454705.aspx

---

@cjoseph wrote:

Please try this technet article here:  

http://blogs.technet.com/nap/archive/2006/09/08/454705.aspx

---

If i klick on this link i get an Outlook Web App- Page ....is that correct?

I found that link before but i always get this...

I fixed the link.  Not sure why it was doing that...

---

@cjoseph wrote:

I fixed the link.  Not sure why it was doing that...

 

---

Sorry but is this the right link? Title is "Certificate Autoenrollment in Windows XP"?!

No.  lets try this one more time:

http://blogs.technet.com/nap/archive/2006/09/08/454705.aspx

Thanks!

This solution is not the best for our constellation... Is it possible to let the aruba controller check if a mac-adress is in the active-directory and then do the MSCHAP-Logon?

Sorry for the bad english.

The general answer is yes.  You can create  mac authentication profile and mac authentication server group in the same AAA profile that you do 802.1x

The big question is: do you already have all of these mac addresses stored somewhere?  The issue is adding/deleting and maintaining the mac addresses either as users in Active Directory or Users in the local database on the controller.

---

@cjoseph wrote:

 

The big question is: do you already have all of these mac addresses stored somewhere?  

 

---

No.

Okay.  The instructions to configure mac-based authentication is here:  How do I configure MAC-based authentication on Aruba? https://kb.arubanetworks.com/app/answers/detail/a_id/1126

Thanks for your reply.

This works... i have tested it before ... but now i dont want to save the mac adresses in the internal database but in the active directory.

Is this possible?

You can configure a user in AD with the username and password being the mac address.  in your AAA profile, the MAC authentication server group will then be your AD radius server.

I tested that yesterday... reason was:

the user "00-1C-AB-XX-XX-XX@domain.local" tried to logon at the radius server...is that correct?

Yes.

Thanks! It works!

But I have got a problem... if i want to connect to my network i can also do this while typing in the mac-adress as username and password -  not using the correct username.

I hope this is comprehensible for you.

....okay I fixed this by creating a second rule on my radius-server.

Very good.  Please mark the thread solved..