Alan DeKok wrote:
   What's so special about machine authentication?

Short Version.  (Forgive my use of nomenclature)

When you're sitting at a logon prompt at Windows (Hit CTRL-ALT-DELETE), it
(the client machine) has no user credentials to perform an 802.1x
session.  Hence, it has no network access to talk to a domain controller
to verify the given credentials to allow access to the machine.
Classic Chicken and Egg argument.

Using Computer Accounts, the client computer authenticates using its
Active Directory Computer Account.  (Usually given as host/ComputerName.)
It now has Network access.  When a client attempts a logon, it can reach
the Domain Server to perform the authentication.  When the User Desktop
comes up, Windows XP drops the computer account credentials, and
performs a new 802.1x session using the client's credentials.

It allows a person to log on to a Windows 2000/XP laptop without having
to depend on having a cached logon. (Cached Logon = You logged on
successfully to the computer before, so the client machine allows it
now, because it cannot communicate with the domain controller)

I think that covers it.

Mike

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
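
The machine-then-user sequence described in the message above can be checked from the RADIUS side. The following is an added example, not part of the original post or of FreeRADIUS: the event tuple layout, the function names and every sample value are assumptions constructed for illustration.

```python
"""Track the 802.1X hand-off from a computer account to a user account."""

# Constructed sample events: (timestamp, supplicant MAC, User-Name, result).
# Not real logs; this field layout is an assumption made for the example.
SAMPLE_EVENTS = [
    (100, "00:11:22:33:44:55", "host/LAPTOP01.example.com", "accept"),
    (160, "00:11:22:33:44:55", "EXAMPLE\\alice", "accept"),
    (200, "66:77:88:99:aa:bb", "EXAMPLE\\bob", "accept"),
    (300, "00:11:22:33:44:55", "host/LAPTOP01.example.com", "reject"),
]


def identity_kind(user_name):
    """Computer accounts present themselves as host/ComputerName."""
    return "machine" if user_name.lower().startswith("host/") else "user"


def track_sessions(events):
    """Return (current, findings).

    current  maps MAC -> (kind, User-Name) of the last accepted session.
    findings lists accepted user sessions from a MAC with no earlier
    accepted machine session: at the logon prompt that device had no
    network path to a domain controller.
    """
    machine_seen = set()
    current = {}
    findings = []
    for ts, mac, user_name, result in sorted(events):
        if result != "accept":
            continue  # in this model a rejected attempt changes nothing
        kind = identity_kind(user_name)
        if kind == "machine":
            machine_seen.add(mac)
        elif mac not in machine_seen:
            findings.append((ts, mac, user_name))
        # A new accepted session replaces whichever identity held the port.
        current[mac] = (kind, user_name)
    return current, findings


if __name__ == "__main__":
    current, findings = track_sessions(SAMPLE_EVENTS)
    for mac, (kind, name) in current.items():
        print(f"{mac}: {kind} session as {name}")
    for ts, mac, name in findings:
        print(f"t={ts} {mac}: user {name} with no prior machine authentication")
```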
