04-30-2013 02:30 AM - edited 03-10-2019 08:22 PM
Hi,
I want to know: is it possible to have machine authentication and user authentication happen at the same time? Something like this...
Condition
IF ( wired_802.1x and AD:externalgroup EQUAL domain computer AND AD:externalgroup EQUAL Some_domain_user_group )
Permissions
then Vlan x
Basically, I am trying to check that a machine is part of the domain and the user is valid; only then should he be able to have full access.
Any help will be of great value.
04-30-2013 03:22 AM
Hi,
IF ( wired_802.1x and AD:externalgroup EQUAL domain computer AND AD:externalgroup EQUAL Some_domain_user_group )
- Not possible
As user and machine authentication occur in different contexts, ACS cannot verify both at the same time.
Using MAR, though, you can club the two together and achieve:
"machine is part of domain and user is valid only then he should be able to have full access"
Tips for configuring MAR:
1) Set the client to perform user or computer authentication.
2) Create two rules in authorization, one for user and one for machine (identify them by using group membership on AD).
3) Enable MAR under the AD configuration page on ACS and set the aging time.
4) In the user rule, customize and use the condition "Was machine authenticated" and set it to true.
Rate if useful
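The MAR behaviour described in the answer above, as an added example that is not part of the original post and is not ACS code: a simplified model in which a successful machine authentication caches the endpoint's Calling-Station-ID (MAC address) for the aging time, and the user rule checks that cache for "Was machine authenticated". The group names, permission names, MAC addresses and the 8-hour aging time are constructed for illustration.

```python
from datetime import datetime, timedelta

class MarCache:
    """Simplified MAR cache: MAC address -> time of last machine authentication."""
    def __init__(self, aging_hours):
        self.aging = timedelta(hours=aging_hours)
        self.seen = {}

    def record_machine_auth(self, mac, now):
        self.seen[mac.lower()] = now

    def was_machine_authenticated(self, mac, now):
        ts = self.seen.get(mac.lower())
        return ts is not None and now - ts <= self.aging

def authorize(cache, request, now):
    """Apply the machine rule and the user rule from the steps above.
    Requests are assumed to have already passed 802.1X authentication against AD."""
    mac, groups = request["calling_station_id"], request["ad_groups"]
    if request["identity_type"] == "machine":
        cache.record_machine_auth(mac, now)           # step 3: MAR enabled
        return "machine-access" if "Domain Computers" in groups else "deny"
    # step 4: user rule requires "Was machine authenticated" == true
    if "Some_domain_user_group" in groups and cache.was_machine_authenticated(mac, now):
        return "full-access"
    return "deny"

def demo():
    """Constructed sample requests: one domain PC and one unknown endpoint."""
    t0 = datetime(2013, 4, 30, 8, 0)
    cache = MarCache(aging_hours=8)                   # constructed aging time
    pc, other = "00:11:22:33:44:55", "66:77:88:99:AA:BB"
    machine = {"identity_type": "machine", "calling_station_id": pc,
               "ad_groups": ["Domain Computers"]}
    def user(mac):
        return {"identity_type": "user", "calling_station_id": mac,
                "ad_groups": ["Some_domain_user_group"]}
    return [
        authorize(cache, machine, t0),                           # PC boots
        authorize(cache, user(pc), t0 + timedelta(hours=1)),     # user logs on
        authorize(cache, user(other), t0 + timedelta(hours=1)),  # same user, uncached MAC
        authorize(cache, user(pc), t0 + timedelta(hours=9)),     # aging time elapsed
    ]

if __name__ == "__main__":
    print(demo())
```

The last two results show what to plan for when choosing the aging time: a valid user is denied full access once the cache entry expires, or when connecting from an adapter whose MAC never went through machine authentication.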
04-30-2013 04:21 AM
It was extremely helpful.
Thanks and rated.