Hello all,

I see that Ubuntu mistakenly does that:

http://ubuntuforums.org/showthread.php?t=2202941

Sending "host/machine_name" mistakenly. Then I see that it is achieved with NetworkManager, but I am trying to figure out how I can do that on RHEL, since NetworkManager on RHEL6 uses, in /etc/NetworkManager/NetworkManager.conf:

    [main]
    plugins=ifcfg-rh

which uses /etc/sysconfig/network-scripts/ifcfg-* script files.

Regards.

On Fri, Apr 4, 2014 at 5:53 AM, Michael Butash <[email protected]> wrote:

> Not as far as I have been able to tell per how windoze handles it. I asked this a while back, and short answer is no.
>
> Working in an enterprise wireless environment, of course windoze does this (only at boot/logout), macs do this too (somewhat poorly), but there is nothing analogous in linux directly. I worked with setting up a system-level profile (using the "All users may connect to this network" setting under the profile) for machine certs gotten from M$ Ent CA that would be used by default, but honestly I couldn't get NM to work right with the certs and gave up before leaving the company.
>
> I found prior ubuntu 12.04 wouldn't for whatever reason invoke that profile without login, bumping it up to 13.10 fixed it, so ymmv here too. In theory, using a general "machine" or system profile should get the system online, and if doing role derivation ala Clearpass/ISE, should stick you in a suitable quarantine/restricted access to AD, and then once a user logs in, would then switch profiles to theirs specifically for full access. I never got to see this fully work due to apparently certificate bugs with NM for eap-tls, but that's another discussion.
>
> I'd love to see this work, we had to do some hacks to get linux users on wireless, as part of our eap server policy was verifying the asset by machine auth, or an MDM in its place. Since linux really doesn't do or have either, we ended up fudging it in as an MDM-trusted asset for blind trust and staying with PEAP passwords, but in a 3500 user company with 10 linux users, it was good enough.
>
> Using machine authentication is almost worse anyways, as no client handles the transition well when role determines vlan access at the controller at a L2 level, even windoze without specifically coa bouncing the association hard (dhcp needs a link down/up to readdress). The whole business was messy honestly, and just taught me not to rely on machine auth.
>
> It'd be great to see this work still, but maybe something a company like Likewise/Powerbroker or Centrify can handle to emulate gpo-ish machine auth function like that for enterprise desktop linux to transition back and forth from computer or user credentials, hopefully working better than either win or mac.
>
> -mb
>
> On 04/03/2014 07:00 AM, Omer Faruk SEN wrote:
>
> Hello,
>
> I want to ask how I can use "Computer Authentication" on NetworkManager-0.8.1. Is this a supported mode? If so, where can I configure it on the NM GUI?
>
> I am using RHEL 6.5 and I use NetworkManager-0.8.1-66.el6.x86_64
>
> I want to state that RHEL 6.5 has joined to Microsoft AD environment. On Windows environment we have:
>
> As far as I see this is not possible on NM on any version but wanted to check it.
>
> Regards.
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
