Radius-based windows authentication
Mike Perdide
mike.perdide at gmail.com
Fri Apr 25 17:20:23 CEST 2008
Phil Mayers wrote:
> Is the windows machine a domain member?
No, it's not. Only the users are.
> I think you are asking "is it possible for the client to do 802.1x with
> the username/password typed into the login box" and the answer is "yes".
That's exactly my question, thanks ;).
> 1. Using the windows native supplicant and machine account
> authentication. Basically the process is this:
> * machine powers on - no-one logged in
> * machine uses its own domain account to login "host/$machinename"
> * user presses ctrl+alt+del
When you say the user presses ctrl+alt+del, you mean that he closes the session
and uses his own login?
> * machine validates credentials to the domain controller, over the
> current network connection
How did the machine obtain a network connection?
> * machine downloads the user's profile
> * once the profile is downloaded, the machine does an EAP-Logoff and
> then re-authenticates using the user credentials
> * when the user logs out, the machine does an EAP-Logoff and then
> logs back in using the machine account
> 3. Using a different supplicant which has a GINA plugin; I believe the
> Odyssey supplicant (which you have to pay for) can do this. SecureW2
> (which is open source) may. Obviously you have to install software.
I am currently using SecureW2 TTLS, and I did not see any such thing as a GINA
plugin. I am gonna look for documentation about that.
Thanks for your help.