Discussion:
hello James McIllece helllp Access Control by Mac ias server
(too old to reply)
Mariano Valchs
2008-03-05 09:18:46 UTC
Permalink
Hello, I read a lot about mac authentication, but you do not understand what
you want to explain.

I feel my language but I am Spanish, and this has translated a program.

I show you my situation.

I have a server ias 2003 server, which authenticates to AD.

What I want is to take the direction of the Mac targeta ethernet network and
send ad if this discharge consents.

I am what you might explain step by step.
James McIllece [MS]
2008-03-05 19:39:46 UTC
Permalink
Post by Mariano Valchs
Hello, I read a lot about mac authentication, but you do not
understand what you want to explain.
I feel my language but I am Spanish, and this has translated a
program.
I show you my situation.
I have a server ias 2003 server, which authenticates to AD.
What I want is to take the direction of the Mac targeta ethernet
network and send ad if this discharge consents.
I am what you might explain step by step.
Hola Mariano --

My Spanish isn't very good (mi Espanol no esta muy bueno) so I will have to
write this mostly in English, pero esto informacion es mas nuevo:

MAC address authorization
Media Access Control (MAC) address authorization functions in the same way
as ANI authorization, but it is used for wireless clients and clients
connecting to your network by using an 802.1X authenticating switch.

MAC address authorization is based on the MAC address of the network
adapter installed in the user’s client computer. Like ANI authorization,
MAC address authorization uses the Calling-Station-ID attribute instead of
user name and password or certificate-based credentials to identify the
user during the connection attempt.

MAC address authorization is performed when the user does not type in any
user name or password, and refuses to use any valid authentication method.
In this case, IAS receives Calling-Station-ID, and no user name and
password. To support MAC address authorization, the Active Directory must
have user accounts with MAC addresses as user names.

MAC address authorization is enabled when you do the following:

1. Enable MAC address authorization on access servers (such as wireless
APs).

2. Enable unauthenticated access on the appropriate remote access policy
for MAC address-based authentication, and enable PAP.

3. Create a user account for each MAC address for which you want to provide
MAC address authorization. The name of the user account must match the MAC
address of the network adapter installed in the computer from which the
user is connecting. The format of the password assigned to the account is
determined by the network access server vendor. Review the network access
server documentation to determine the appropriate password.

4.Set the User Identity Attribute registry value to 31 on the
authenticating server. This registry value location is:
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy

-- The User Identity Attribute registry DWORD decimal value: 31


5. To always use the MAC address as the user identity, set the Override
User-Name registry value to 1 on the IAS server. This registry value
location is: HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy

-- The Override User-Name registry DWORD decimal value: 1

Mira the IAS Technical Reference:

http://technet2.microsoft.com/WindowsServer/en/library/e9a30a60-7f8b-435f-
b210-d47c3b7ecb961033.mspx
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Loading...