LEAP with machine authentication? Any hints

o-ziltener · ‎02-07-2005

Hello

I have a strange behavior in my lab. I use an ACS 3.3.1 which is installed on Win2000 AD-server. The ACS use the ms-database for wireless user authentication. Every time, before I get the gina windows, the Wireless clients tries first to authenticate the machine and fails. The user "machine" does not exits in the windows-database nor in the acs-databases, this is why the client failt. Afterwards there is no problem with manually user-authentication. I use the newest ADU. Can I turn off machine authentication or what is the machine password?

any input is very welcome

Oliver

edgar.reinke · ‎02-09-2005

To get machine credentials you have to map your pc into a domain (which requires a password). After that you can find your pc in the active directory (computers). Password is negotiated between your pc and the DC. This mapping should initally be done through e. g. a wired connection.

You can switch off machine authentication in your PEAP client, but this has some drawbacks: If no one is logged in, your pc has no network connection. Therefore, you cannot use tools for e. g. software distribution and so on.

If you log into your pc, you will get a network connection and everything is fine (that is what you have observed).

Result: Map your client into a domain via a wired network (one time action). After that you can cut-off your wired connection and restart your pc. Machine authentication and user authentication will work via the wireless network.

Edgar