Machine authentication

Jacky wyqjnm at
Thu Mar 30 15:04:16 EST 2006

>If your user has a cert (you seemed to imply it above, though I don't
>know if I read that right), then could you perhaps use your user's
>password?  That might be simpler.  (With the Windows supplicant, you
>wouldn't be able to get at that until you logged on.  But if you know
>the password, you can set Linux up to use it regardless of who's logged
>on, as long as it lets you on the network.)
My ultimate goal is to get machine authentication working. I have included 
Cisco ACS's "machine access restriction" option explanation in my 
second email on this thread. I don't know exactly how it works, but I 
guess ACS is detecting (or Active Directory is telling ACS) that an 
authentication is a machine authentication. ACS will allow certain 
operations only if machine authentication is successful (for example, 
allow user authentication only if the machine authenticated). Therefore 
using the user's cert or password does not help in this case.

I am also making the assumption that if I set the identity to 
"host/mychinename" then ACS (or AD) will think this is a machine 
authentication (since I can see XP sending this as the username in the Ethereal 
log). Then I hope that if I use the machine cert or machine password with the 
hostname as identity, it will make ACS believe it is a machine authentication.


More information about the HostAP mailing list