[Dshield] Wireless MAC Authentication options.

John B. Holmblad jholmblad at aol.com
Mon Aug 29 16:59:56 GMT 2005


Moses,

I have put in a query to Microsoft about your point re NAP vs NAC as it 
relates to 802.1x.  For others on this list who might be interested here 
are the URLs to a) a white paper from Microsoft on what they are up to 
with Network Access Protection and how it has evolved from Network 
Quarantine and b) some FAQ on the subject:

    http://www.microsoft.com/windowsserver2003/techinfo/overview/napoverview.mspx

    http://www.microsoft.com/windowsserver2003/techinfo/overview/napfaq.mspx


Also, I did some checking of Group Policy support for certificate-based 
authentication with 802.1x by opening up a pre-defined GP Object called

    "Small Business Server Client Computer"

on Windows 2003 Small Business Server and, under the container path

    Computer Configuration=>Administrative Templates=>Network=>Network Connections

there is a GP object entitled:

    "IEEE 802.1x Certificate Authority for Machine Authentication"

The text associated with the explanation of this object is as follows:

    If you want to use IEEE 802.1x machine authentication, configure
    this setting.

    If you enable this setting, it configures the Certificate Authority
    to be used on the client for authentication.

    To allow successful authentication, enable this setting and indicate
    the thumbprint or hash for your Certificate Authority.

    If you disable or do not configure this setting, the Certificate
    Authority for IEEE 802.1x machine authentication will not be
    configured on your client. This might cause machine authentication
    to fail.

    Note: The Certificate Authority that is configured by this setting
    only applies to machine authentication, and not to user authentication.

One of the constraints of this GPO, however, is that it is applicable only to Windows XP and Windows Server 2003 systems, and, apparently, not to W2K Server or Pro.


-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net


