Solved

Process of machine authentication

Posted on 2013-05-19
2
282 Views
Last Modified: 2013-06-05
Hi,

I'm struggling to understand the process of machine authentication on server 2008, particular in a wireless 802.1x enviroment.  can anyone explain exactly what (information) and when (in the authentication or boot process) the client sends to the authentication server.

Thanks
0
Comment
Question by:simonphoenix10
2 Comments
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
Normally, when a computer on a domain starts it authenticates with a DC on the domain using its computer name and computer password - the password is set automatically and by default is renegotiated automatically every 30 days.

802.1x adds to this see http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/802-1x-Machine-and-User-Authentication/td-p/8886
0
 
LVL 20

Accepted Solution

by:
Jakob Digranes earned 500 total points
Comment Utility
The answer will in some way depend on what you really are asking for... But for wireless, this is how it goes.
(see a good graphical display here: http://www.interlinknetworks.com/whitepapers/Intro_802_1X_for_Wireless_LAN_clip_image004.jpg)

First the client associates to AP (association request - association success)
then either the client will send EAPOL start or AP will do a REQUEST IDENTITY
The client then issues a RESPOND IDENTITY with some sort of credentials (depending on client policy)
The Radius server inspects identity against its policies and will respond with either authentication failure or success. This kind of exchange might go a couple of rounds, if identity responded with is incorrect - either wrong type, or a typo.

When machine authenticates all this happes before log on dialouge appears and user will log on PC.

During this process of authentication only authentication traffic will be allowed on the link - and when computer is authenticated - then it will get an IP-address and "normal" network traffic is allowed ---

but - this is the simple explanation. There's tons of reading material on different EAP-authentication types, and the main goal behind 802.1X and of course what to do, and more importantly - what NOT to do :)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now