Solved

Process of machine authentication

Posted on 2013-05-19
2
288 Views
Last Modified: 2013-06-05
Hi,

I'm struggling to understand the process of machine authentication on server 2008, particular in a wireless 802.1x enviroment.  can anyone explain exactly what (information) and when (in the authentication or boot process) the client sends to the authentication server.

Thanks
0
Comment
Question by:simonphoenix10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 39179339
Normally, when a computer on a domain starts it authenticates with a DC on the domain using its computer name and computer password - the password is set automatically and by default is renegotiated automatically every 30 days.

802.1x adds to this see http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/802-1x-Machine-and-User-Authentication/td-p/8886
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 39183532
The answer will in some way depend on what you really are asking for... But for wireless, this is how it goes.
(see a good graphical display here: http://www.interlinknetworks.com/whitepapers/Intro_802_1X_for_Wireless_LAN_clip_image004.jpg)

First the client associates to AP (association request - association success)
then either the client will send EAPOL start or AP will do a REQUEST IDENTITY
The client then issues a RESPOND IDENTITY with some sort of credentials (depending on client policy)
The Radius server inspects identity against its policies and will respond with either authentication failure or success. This kind of exchange might go a couple of rounds, if identity responded with is incorrect - either wrong type, or a typo.

When machine authenticates all this happes before log on dialouge appears and user will log on PC.

During this process of authentication only authentication traffic will be allowed on the link - and when computer is authenticated - then it will get an IP-address and "normal" network traffic is allowed ---

but - this is the simple explanation. There's tons of reading material on different EAP-authentication types, and the main goal behind 802.1X and of course what to do, and more importantly - what NOT to do :)
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Netflix streaming problem 18 66
IP range 6 65
Need help Creating a Powershell script 8 64
Shared files and folders migration 2 30
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question