Mike Perdide wrote:
Phil Mayers wrote:
Is the windows machine a domain member? No it's not. Only the users are.
? When you sit at the login screen, and press ctrl+alt+del, are you logging in with a username and password which is checked against the domain controllers? If so, then the machine *is* joined into the domain.
I think you are asking "is it possible for the client to do 802.1x with the username/password typed into the login box" and the answer is "yes". That's exactly my question, thanks ;).
1. Using the windows native supplicant and machine account authentication. Basically the process is this: * machine powers on - no-one logged in * machine uses its own domain account to login "host/$machinename" * user presses ctrl+alt+del When you say user presses ctrl+alt+del, you mean that he closes the session and uses his own login ?
No. The machine is sitting at the login prompt, and the user presses ctrl+alt+del to bring up the login box.
* machine validates credentials to the domain controller, over the current network connection
How did the machine obtain network connection ?
* machine downloads the users profile * once the profile is download, the machine does an EAP-Logoff and then re-authenticates using the user credentials * when the user logs out, the machine does and EAP-Logoff and then logs back in using the machine account
3. Using a different supplicant which has a GINA plugin; I believe the Odyssey supplicant (which you have to pay for) can do this. SecureW2 (which is open source) may. Obviously you have to install software.
I am currently using SecureW2 TTLS, and I did not see such thing as GINA plugin. I am gonna look for documentation about that.