Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Best Practice for 2 factor authentication

This thread has been viewed 1 times

  • 1.  Best Practice for 2 factor authentication

    Posted Feb 07, 2013 11:35 AM

    What is the best practice for doing two-factor authentication using a certificate and an Active Directory user id/password?



  • 2.  RE: Best Practice for 2 factor authentication

    Posted Feb 07, 2013 07:20 PM

    As far i know you cannot do that  or you do EAP PEAP = user + password or you use EAP TLS = User Certificate.

     

    You can do 2 factor authentication by doing EAP PEAP + Enforce machine  OR EAP TLS + Enforce Machine.

     

    The enforce machine will check if the laptop or tablet is in the Active directory group you select(this works perfectly when you got all windows machines)

     

    Hopes it helps

     

    Cheers

    Carlos

     



  • 3.  RE: Best Practice for 2 factor authentication

    Posted Feb 22, 2013 01:03 PM

    Machine auth is only authenicated once every 24 hours aginest AD. After the one machine auth happens for the next 24 hours it's using mac auth (mac cache). As the user logs in the username/password is passed to the auth server (Radius/ldap) and then the users is authenicated.