Not as far as I have been able to tell per how windoze handles it. I
asked this a while back, and short answer is no.
Working in an enterprise wireless environment, of course windoze does
this (only at boot/logout), macs do this too (somewhat poorly), but
there is nothing analogous in linux directly. I worked with setting up
a system-level profile (using the "All users may connect to this
network" setting under the profile) for machine certs gotten from M$ Ent
CA that would be used by default, but honestly I couldn't get NM to work
right with the certs and gave up before leaving the company.
I found prior ubuntu 12.04 wouldn't for whatever reason invoke that
profile without login, bumping it up to 13.10 fixed it, so ymmv here
too. In theory, using a general "machine" or system profile should get
the system online, and if doing role derivation ala Clearpass/ISE,
should stick you in a suitable quarantine/restricted access to AD, and
then once a user logs in, would then switch profiles to theirs
specifically for full access. I never got to see this fully work due to
apparently certificate bugs with NM for eap-tls, but that's another
discussion.
I'd love to see this work, we had to do some hacks to get linux users on
wireless, as part of our eap server policy was verifying the asset by
machine auth, or an MDM in its place. Since linux really doesn't do or
have either, we ended up fudging it in as an MDM-trusted asset for blind
trust and staying with PEAP passwords, but in a 3500 user company with
10 linux users, it was good enough.
Using machine authentication is almost worse anyways, as no client
handles the transition well when role determines vlan access at the
controller at a L2 level, even windoze without specifically coa bouncing
the association hard (dhcp needs a link down/up to readdress). The
whole business was messy honestly, and just taught me not to rely on
machine auth.
It'd be great to see this work still, but maybe something a company like
Likewise/Powerbroker or Centrify can handle to emulate gpo-ish machine
auth function like that for enterprise desktop linux to transition back
and forth from computer or user credentials, hopefully working better
than either win or mac.
-mb
On 04/03/2014 07:00 AM, Omer Faruk SEN wrote:
Hello,
I want to ask how can I use "Computer Authentication" on
NetworkManager-0.8.1. Is this a supported mode? If so where can I
configure it on the NM GUI?
I am using RHEL 6.5 and I use NetworkManager-0.8.1-66.el6.x86_64
I want to state that RHEL 6.5 has joined to Microsoft AD environment.
On Windows environment we have :
As far as I see this is not possible on NM on any version but wanted
to check it.
Regards.
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list