802.1x & vlan-assignment & logon script
| Thomas Kuborn 2004-05-22, 5:46 am |
| Dear ng,
1/ When my computer boots up, it is authenticated through EAP-TLS at the
machine level & the switchport is put in VLAN x. When my user logs on,
EAP-TLS authentication is redone at the user level & the switchport is put
in VLAN x. Logon script (configured in dsa.msc) is run successfully.
2/ When my computer boots up, it is authenticated through EAP-TLS at the
machine level & the switchport is put in VLAN x. When my user logs on,
EAP-TLS authentication is redone at the user level & the switchport is put
in VLAN y. Logon script (configured in dsa.msc) does not run.
Why is this ?
How can this be solved ?
Would a GPO-script help ?
Regards,
- Thomas -
| |
| Ashwin Palekar\(MS\) 2004-05-22, 5:46 pm |
|
--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"Thomas Kuborn" <thomas@kuborn.be> wrote in message
news:40af225c$0$8394$a0ced6e1@news.skynet.be...
> Dear ng,
>
> 1/ When my computer boots up, it is authenticated through EAP-TLS at the
> machine level & the switchport is put in VLAN x. When my user logs on,
> EAP-TLS authentication is redone at the user level & the switchport is put
> in VLAN x. Logon script (configured in dsa.msc) is run successfully.
>
> 2/ When my computer boots up, it is authenticated through EAP-TLS at the
> machine level & the switchport is put in VLAN x. When my user logs on,
> EAP-TLS authentication is redone at the user level & the switchport is put
> in VLAN y. Logon script (configured in dsa.msc) does not run.
>
> Why is this ?
The script stops if connectivity is removed or the IP address is changed, which
happens in #2.
> How can this be solved ?
> Would a GPO-script help ?
My "guess" is that GPO-script might work; but not 100% sure.
>
> Regards,
>
> - Thomas -
>
>
| |
| Thomas Kuborn 2004-05-23, 7:30 am |
| Thx for the answer, I'll test this on Monday ;-) & let you know
- Thomas -
"Ashwin Palekar(MS)" <ashwinp@online.microsoft.com> wrote in message
news:#eZvhzBQEHA.1160@TK2MSFTNGP09.phx.gbl...
> "Thomas Kuborn" <thomas@kuborn.be> wrote in message
> news:40af225c$0$8394$a0ced6e1@news.skynet.be...
>
> The script stops if connectivity is removed or the IP address is changed, which
> happens in #2.
>
>
> My "guess" is that GPO-script might work; but not 100% sure.
>
>
>
| |
| Thomas Kuborn 2004-05-24, 4:33 pm |
| Hey Ashwin,
The GPO alone didn't cut it. I had to
1/ tune the DHCP Media Sensing using the registry key DisableDHCPMediaSense
(1) as described in
http://support.microsoft.com/defaul...B;en-us;q239924
2/ use GPO based logon script in synchronous mode
Would you happen to have detailed information on:
1/ what exactly is DHCP Media Sensing ?
2/ how the following processes interact (EAP-negotiation, DHCP, logon
scripts, GPO ...) ? some state machine with timers maybe ?
Regards,
- Thomas -
"Ashwin Palekar(MS)" <ashwinp@online.microsoft.com> wrote in message
news:#eZvhzBQEHA.1160@TK2MSFTNGP09.phx.gbl...
> "Thomas Kuborn" <thomas@kuborn.be> wrote in message
> news:40af225c$0$8394$a0ced6e1@news.skynet.be...
>
> The script stops if connectivity is removed or the IP address is changed, which
> happens in #2.
>
>
> My "guess" is that GPO-script might work; but not 100% sure.
>
>
>
| |
| Thomas Kuborn 2004-05-25, 4:33 pm |
| That's not even stable.
Have you heard of the following setup working correctly ?
1/ machine auth --> vlan x
2/ user auth --> vlan y
3/ user logon script is processed currently so that mapped drives follow the
user wherever he goes
Cheers,
- Thomas -
"Thomas Kuborn" <thomas@kuborn.be> wrote in message
news:40b24f42$0$9750$a0ced6e1@news.skynet.be...
> Hey Ashwin,
>
> The GPO alone didn't cut it. I had to
> 1/ tune the DHCP Media Sensing using the registry key DisableDHCPMediaSense
> (1) as described in
> http://support.microsoft.com/defaul...B;en-us;q239924
> 2/ use GPO based logon script in synchronous mode
>
> Would you happen to have detailed information on:
> 1/ what exactly is DHCP Media Sensing ?
> 2/ how the following processes interact (EAP-negotiation, DHCP, logon
> scripts, GPO ...) ? some state machine with timers maybe ?
>
> Regards,
>
> - Thomas -
>
> "Ashwin Palekar(MS)" <ashwinp@online.microsoft.com> wrote in message
> news:#eZvhzBQEHA.1160@TK2MSFTNGP09.phx.gbl...