Discussion:
Q: windows, hp procurve 2524, freeradius.
nospam
2008-06-13 10:10:28 UTC
Hello,
I am setting up MAC-based authentication on my LAN. (My environment doesn't need strong security, but a little more order ;-) ).

While the configuration of the HP 2600 switches is pretty easy and it is working fine with FreeRADIUS and MAC-based authentication, I have some problems with the HP ProCurve 2524.
These switches can do 802.1x, and somebody in a web forum told me that it is possible to get MAC-based authentication from the HP 2524 by configuring 802.1x.
After the configuration of the switch, the default config of the Windows XP client doesn't connect to the network (smart card or other certificate).
OK, there is no computer certificate, and this is not what I want.

Instead, by enabling 802.1x on the Windows XP client, the Windows client opens a pop-up window asking for username and password; closing it without typing anything results in an unsuccessful authentication because the RADIUS (the same RADIUS that works fine with the HP 26xx) gets a null username...
Any help? Thanks, bye.
------------------------------------------------------------------------------------------------------------------------
S. Pidgorny <MVP>
2008-06-15 05:04:41 UTC
You were told wrong: 802.1x implementations don't feature host
authentication based solely on the client MAC. They all require a supplicant
and authentication method, usually a form of EAP.

I don't know about the HP switch - probably you'll have to go to the forum
where you got that advice and ask for a howto.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *
------------------------------------------------------------------------------------------------------------------------
nospam
2008-06-19 12:30:10 UTC
Post by S. Pidgorny <MVP>
You were told wrong: 802.1x implementations don't feature host
authentication based solely on the client MAC. They all require a supplicant
and authentication method, usually a form of EAP.
I don't know about the HP switch - probably you'll have to go to the forum
where you got that advice and ask for a howto.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Thank you for your answer. I got some improvements and now I have a nicer behavior of the system. (PEAP with MSCHAPv2 is working fine, so now I can get the authentication using a username/password pair or just using the MAC address as username and password.)

Only one annoying thing remains: Windows pop-ups for credentials, and I don't like typing in the MAC address. Is it possible to configure Windows so it automatically uses the MAC address as username and password?
Thanks a lot, bye.
