04-11-2012 11:22 AM
Hi, I'm not sure if anyone else has tried this, but I got a Sucessful Machine (and User) Authentication from AD2008r2 running the latest 4.2 code that was just released. Running WinXP with Odyssy Client that came with 4.2.
04-11-2012 10:31 PM
4.2 introduces support for Active Directory (AD) 2008R2, in addition to previously supported AD 2003 and AD 2008R1 servers,4.2 also adds support for machine authentications via MSCHAPv2 and Windows native supplicants via PEAP-MSCHAPv2.
04-11-2012 10:32 PM
Yes, machine authentication using windows 2008R2 in 4.2 R1 will work.
Support for Active Directory (AD) 2008r2 and Machine Authentication via MSCHAPv2 and PEAP-MSCHAPv2 is availble as a new feature in UAC 4.2R1.
You can find the new feature information by accessing the below URL: refer page#9
I have also tested this in my lab, its working as expected. I have also seen some of our customers tested this successfully.
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!
04-12-2012 11:04 AM
Thanks for the confirmation, but I didn't really have a question or a problem, just stating what I saw.
I know alot of people (including me) were waiting for 4.2 to solve this issue and I hadn't seen anyone post that it actually worked in their real world environment. Seeing as I was told this was going to be fixed almost a year ago, it took waaaay to long and I needed to see it with my own eyes before I really believed they got it right...
04-13-2012 05:02 AM
I must say I totally agree with rswinter. We were waiting for the official AD2008R2 support in UAC too long. I believe that majority of Junipers UAC installations are based on Windows domain environment so support for the latest Windows AD version is especially important. The retail availability of Windows Server 2008 R2 was October 2009. Juniper released the UAC 4.2R1 version on march 2012, so we had to wait 1.5 years. So it really took too long to solve this issue. We should wait no more than few months. Some features on NAC are critical, and I think the support for the latest Windows Server version should be amongst them.