  • Status: Solved
  • Priority: Medium
  • Security: Public

Process of machine authentication

Hi,

I'm struggling to understand the process of machine authentication on Server 2008, particularly in a wireless 802.1X environment. Can anyone explain exactly what (information) and when (in the authentication or boot process) the client sends to the authentication server?

Thanks
0
Asked: simonphoenix10
1 Solution
 
KCTS Commented:
Normally, when a computer on a domain starts it authenticates with a DC on the domain using its computer name and computer password - the password is set automatically and by default is renegotiated automatically every 30 days.

802.1x adds to this; see http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/802-1x-Machine-and-User-Authentication/td-p/8886
0
 
Jakob Digranes, Senior Consultant, Commented:
The answer will in some way depend on what you really are asking for... But for wireless, this is how it goes.
(see a good graphical display here: http://www.interlinknetworks.com/whitepapers/Intro_802_1X_for_Wireless_LAN_clip_image004.jpg)

First the client associates to the AP (association request - association success).
Then either the client will send EAPOL start or the AP will do a REQUEST IDENTITY.
The client then issues a RESPOND IDENTITY with some sort of credentials (depending on client policy).
The RADIUS server inspects the identity against its policies and will respond with either authentication failure or success. This kind of exchange might go a couple of rounds if the identity responded with is incorrect - either wrong type, or a typo.

When the machine authenticates, all this happens before the logon dialogue appears and the user logs on to the PC.

During this process of authentication only authentication traffic will be allowed on the link - and when the computer is authenticated, it will get an IP address and "normal" network traffic is allowed.

But this is the simple explanation. There's tons of reading material on different EAP authentication types, and the main goal behind 802.1X and of course what to do, and more importantly - what NOT to do :)
0
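
The exchange described in the answer above, decoded from raw EAPOL payloads, as an added example that is not part of the original thread. The sample frames and the name WS01.corp.example are constructed, and it assumes the Windows supplicant convention of sending a computer account's identity as host/<FQDN>, which is what lets a capture or RADIUS log tell machine authentication from user authentication.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

def parse_eapol(pdu: bytes) -> dict:
    """Decode one EAPOL PDU (the bytes that follow EtherType 0x888E)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than declared length")
    out = {"eapol": EAPOL_TYPES.get(ptype, f"type-{ptype}")}
    if ptype != 0:                       # Start/Logoff/Key carry no EAP packet
        return out
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= len(body):
        raise ValueError("EAP length field out of range")
    out.update(code=EAP_CODES.get(code, f"code-{code}"), id=ident)
    if code in (1, 2) and eap_len >= 5:  # only Request/Response have a Type byte
        out["eap_type"] = body[4]
        if code == 2 and body[4] == EAP_TYPE_IDENTITY:
            identity = body[5:eap_len].decode("utf-8", "replace")
            out["identity"] = identity
            # Assumption: Windows computer accounts identify as host/<FQDN>.
            out["kind"] = "machine" if identity.lower().startswith("host/") else "user"
    return out

def eapol(ptype: int, eap_pkt: bytes = b"") -> bytes:
    return struct.pack("!BBH", 1, ptype, len(eap_pkt)) + eap_pkt

def eap(code: int, ident: int, payload: bytes = b"") -> bytes:
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

# Constructed sample: the steps of the exchange, EAP method rounds omitted.
SAMPLE = [
    eapol(1),                                            # client: EAPOL-Start
    eapol(0, eap(1, 1, b"\x01")),                        # AP: Request/Identity
    eapol(0, eap(2, 1, b"\x01host/WS01.corp.example")),  # client: Response/Identity
    eapol(0, eap(3, 2)),                                 # result relayed from RADIUS
]

if __name__ == "__main__":
    for pdu in SAMPLE:
        print(parse_eapol(pdu))
```
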
