Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Machine and User Authentication

  • 1.  Machine and User Authentication

    Posted Sep 27, 2012 07:06 PM

    Hello Collin,

    Question regarding this.

    If I have machine enforcement on and also EAP PEAP to authenticate with user and password

    I have it set up like this:

    When you authenticate with the correct machine, you actually get an IP address but you get a deny-all role.

    When you authenticate the user, then you get a derived role which has the real access.

    Now, as I got it, it will affect the users that need to change to a new password? I mean when they have a group policy which tells you that you need to change the password every X time?

    I did it this way because I wanted it to need to pass both authentications before having any access to the network.

    But it seems it will give me trouble...

    If I'm correct in what I think

    To correct it, what do you recommend?

    I was thinking that maybe when it passes the machine authentication, it gives you just the privilege to change the password... maybe just opening the ports that are needed for this against the Active Directory IP address.

    Or do you suggest another approach?

    Thanks in advance.

    Cheers,

    Carlos



  • 2.  RE: Machine and User Authentication

    Posted Sep 30, 2012 03:44 AM

    I agree :)



  • 3.  RE: Machine and User Authentication

    EMPLOYEE
    Posted Oct 02, 2012 07:45 AM

    @NightShade1 wrote:

    Hello Collin,

    Question regarding this.

    If I have machine enforcement on and also EAP PEAP to authenticate with user and password

    I have it set up like this:

    When you authenticate with the correct machine, you actually get an IP address but you get a deny-all role.

    When you authenticate the user, then you get a derived role which has the real access.

    Now, as I got it, it will affect the users that need to change to a new password? I mean when they have a group policy which tells you that you need to change the password every X time?

    I did it this way because I wanted it to need to pass both authentications before having any access to the network.

    But it seems it will give me trouble...

    If I'm correct in what I think

    To correct it, what do you recommend?

    I was thinking that maybe when it passes the machine authentication, it gives you just the privilege to change the password... maybe just opening the ports that are needed for this against the Active Directory IP address.

    Or do you suggest another approach?

    Thanks in advance.

    Cheers,

    Carlos


    You need to pass machine authentication before you do anything.  Correct.