RE: Support for SSO Active Directory PEAP-MS-CHAP-v2
Can you please send steps, I am also trying to so the same. Rakesh From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rick wiltshire Sent: Sunday, September 23, 2007 4:48 PM To: freeradius-users@lists.freeradius.org Subject: Support for SSO Active Directory PEAP-MS-CHAP-v2 Dear All, I need help with dot1x implementation in an Enterprise LAN. Our target is to authenticate and authorize users based on their identities (domain user names) as well as applying GPOs on users. Our authentication Backend is: Active Directory Our Authorization Accounting is done by: freeRADIUS Authorization Attributes control VLAN assignment (hence, IP address pool) Required Authentication EAP-Type : PEAP MS-CHAP All Clients are using WinXP supplicant. I managed to implement PEAPMS-CHAP with this setup however with users who have cached credentials on their PCs. If the user logs on the PC for the first time, he fails to reach the active directory to authenticate since the connection is not yet authorized. So what I need is get the computer authenticated and assigned an IP address and then authenticate the user in a following phase while the connection is up. Any clues with authenticating domain machines using freeradius and active directory implementation? Attention: Any non-official business related views, opinions and other information presented in this electronic mail are solely those of the sender/author. Burgan Bank does not endorse or accept responsibility for their opinions. If you are not the addressed indicated in this mail or responsible for delivering this message to the intended, you should delete this message and notify the sender immediately. --- Burgan Bank S.A.K www.burgan.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Support for SSO Active Directory PEAP-MS-CHAP-v2
Dear All, I need help with dot1x implementation in an Enterprise LAN. Our target is to authenticate and authorize users based on their identities (domain user names) as well as applying GPOs on users. Our authentication Backend is: Active Directory Our Authorization Accounting is done by: freeRADIUS Authorization Attributes control VLAN assignment (hence, IP address pool) Required Authentication EAP-Type : PEAP MS-CHAP All Clients are using WinXP supplicant. I managed to implement PEAPMS-CHAP with this setup however with users who have cached credentials on their PCs. If the user logs on the PC for the first time, he fails to reach the active directory to authenticate since the connection is not yet authorized. So what I need is get the computer authenticated and assigned an IP address and then authenticate the user in a following phase while the connection is up. Any clues with authenticating domain machines using freeradius and active directory implementation? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Support for SSO Active Directory PEAP-MS-CHAP-v2
rick wiltshire wrote: All Clients are using WinXP supplicant. I managed to implement PEAPMS-CHAP with this setup however with users who have cached credentials on their PCs. If the user logs on the PC for the first time, he fails to reach the active directory to authenticate since the connection is not yet authorized. So what I need is get the computer authenticated and assigned an IP address and then authenticate the user in a following phase while the connection is up. That is machine authentication. The machine will need to be authenticated, separately from the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html