Solved

Process of machine authentication

Posted on 2013-05-19
2
287 Views
Last Modified: 2013-06-05
Hi,

I'm struggling to understand the process of machine authentication on server 2008, particular in a wireless 802.1x enviroment.  can anyone explain exactly what (information) and when (in the authentication or boot process) the client sends to the authentication server.

Thanks
0
Comment
Question by:simonphoenix10
2 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 39179339
Normally, when a computer on a domain starts it authenticates with a DC on the domain using its computer name and computer password - the password is set automatically and by default is renegotiated automatically every 30 days.

802.1x adds to this see http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/802-1x-Machine-and-User-Authentication/td-p/8886
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 39183532
The answer will in some way depend on what you really are asking for... But for wireless, this is how it goes.
(see a good graphical display here: http://www.interlinknetworks.com/whitepapers/Intro_802_1X_for_Wireless_LAN_clip_image004.jpg)

First the client associates to AP (association request - association success)
then either the client will send EAPOL start or AP will do a REQUEST IDENTITY
The client then issues a RESPOND IDENTITY with some sort of credentials (depending on client policy)
The Radius server inspects identity against its policies and will respond with either authentication failure or success. This kind of exchange might go a couple of rounds, if identity responded with is incorrect - either wrong type, or a typo.

When machine authenticates all this happes before log on dialouge appears and user will log on PC.

During this process of authentication only authentication traffic will be allowed on the link - and when computer is authenticated - then it will get an IP-address and "normal" network traffic is allowed ---

but - this is the simple explanation. There's tons of reading material on different EAP-authentication types, and the main goal behind 802.1X and of course what to do, and more importantly - what NOT to do :)
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question