12-07-2010 10:25 AM
Hi, we have an IC4500 cluster and we are deploying it in layer 2 using 802.1x enforcement with Juniper EX switches. We are facing an issue: a PC is connected to an 802.1x-enabled port on the switch and the user tries to log in to the PC using domain credentials, but of course the PC does not have an IP, so it is not able to contact the domain controller to authenticate and the user is unable to log in to the PC. Kindly suggest a way to solve this problem.
12-13-2010 12:16 AM
- Use machine authentication, and switch to user authentication after login
- Integrate OAC into the boot process with GINA; however, be aware there are some limitations on Win 7 (now called credential provider)
12-26-2010 10:54 AM
Thank you very much for the reply. I tried GINA with Windows 7 and it's not working: every time, OAC authenticated, but when Windows tries to log in, it gives me the error that the user or password is not correct. I opened a JTAC case and am still waiting for them.
As regards machine authentication, I am also facing the problem that machine authentication is not working. I saw the logs in UAC and they show authentication failed. In the OAC Manager:
1- I created the User Profile
2- Machine Profile
3- Connection setting: Machine authentication, and drops connection when user logs in
Do I need some certificate on OAC for machine authentication? I have checked "Disable server verification", but when it is unchecked, OAC shows a client certificate error, something like this.
Kindly let me know what I am missing?
Looking forward for your response.
12-28-2010 02:36 AM
To use Machine Authentication with a Machine AD account, you MUST use an AD/NT authentication server and not an LDAP authentication server.
One other solution is to authenticate the PC with a certificate deployed by GPO.
To uncheck the "Disable server verification" option, you must add the CA root of the IC certificate to the trusted root CAs of the machine account:
- Launch MMC
- Add / Remove snap-in -> Add -> Certificates -> Computer account -> Local computer
- In Trusted Root Certification Authorities, All Tasks -> Import
And then add this CA in the trusted servers section of the Machine account in OAC.
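
A scripted equivalent of the MMC import steps above, added here as an example and not part of the original reply or any Juniper tooling. The file path is an assumed placeholder for the exported IC root CA certificate, the script must run from an elevated prompt, and adding the CA to the trusted servers section in OAC remains a manual step.

```powershell
# Added example: import the IC's root CA into the computer's Trusted Root store
# after basic sanity checks. $CaPath is an assumed placeholder path.
param([string]$CaPath = 'C:\temp\ic-root-ca.cer')

$x509ns = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509ns.X509Certificate2" -ArgumentList $CaPath

# A root CA is self-signed: subject and issuer are identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate (issuer: $($cert.Issuer)). Export the CA root, not the IC device certificate."
}

# The Basic Constraints extension should mark the certificate as a CA.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($bc -and -not $bc.CertificateAuthority) {
    throw "Basic Constraints says this certificate is not a CA."
}

# Refuse expired or not-yet-valid roots; server verification would fail anyway.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Show what is about to be trusted so the thumbprint can be compared
# with the one displayed on the IC admin console.
"Subject   : $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"

# Add to the Local Computer store (not the current user's store), which is
# the store the machine account uses before any user has logged in.
$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$store = New-Object "$x509ns.X509Store" -ArgumentList 'Root', $location
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $store.Add($cert)
} finally {
    $store.Close()
}

# Confirm the certificate is now present in Cert:\LocalMachine\Root.
$found = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $found) { throw "Import did not succeed; is the prompt elevated?" }
"Root CA is present in LocalMachine\Root."
```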