Unfortunately Craig, I think they're looking for a bit more.

This USER on this COMPUTER is authorized. Not two separate transactions,
but one single transaction.

Matt,
Yes this is a little unique I think, but not out of the park weird.

I don't have an NPS server near me, but Matt, if you look at the logging,
you should be able to see the RADIUS logs. Every single attribute that you
can take action on is listed there. Maybe you can find something that
helps.


On Thu, Feb 7, 2013 at 7:53 AM, Craig Pluchinsky <[email protected]> wrote:

> We do something like this with laptops.  The machines are a member of a
> domain and have a group policy set that "Authentication Mode" is User or
> Computer authentication.  Then on the radius server (Microsoft IAS) we have
> a rule for computers and a rule for domain users.  When the laptop is first
> turned on it auth's as the computer account.  When the user logs in it
> re-auths as the user account.
>
>
> -------------------------------
> Craig Pluchinsky
> IT Services
> Indiana University of Pennsylvania
> 724-357-3327
>
>
>
> On Thu, 7 Feb 2013, Ashfield, Matt (NBCC) wrote:
>
>
>> Well ideally, the scenario we’d like is:
>>
>> Computer boots up to login screen. User logs in, and is at that point (or
>> earlier) connected/authenticated to wifi by way of
>> having authenticated the computer and the user credentials. At that
>> point, login scripts and whatnot are able to run as the
>> windows OS loads.
>>
>> I’m sure this is not a unique situation. Is anyone else doing something
>> similar?
>>
>>
>>
>> Thanks
>>
>> Matt
>>
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
>> Sent: Wednesday, February 06, 2013 5:32 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] using Microsoft Radius to authenticate user
>> AND computer?
>>
>>
>>
>> Reading this technet page it looks like you can specify a condition of
>> the computer being in a Machine Group and User being in
>> User Group. I'm not an AD guy, so I don't understand the difference
>> between the two groups, but as I recall different condition
>> types are evaluated with an AND, so in theory you could do it that way.
>> I'm interested in this as well, but haven't had time to
>> play with it.
>>
>>
>> Heath Barnhart, CCNA
>>
>> ITS Network Administrator
>>
>> Washburn University
>>
>> Topeka, KS
>>
>>
>> On 02/06/2013 02:25 PM, Ashfield, Matt (NBCC) wrote:
>>
>> Hello
>>
>>
>> We have Cisco 5508 controllers using Microsoft 2008r2 radius back-end.
>> What we’d like to do is authenticate the device (make sure
>> it is a domain PC) as well as the user (make sure they are a domain
>> user). From what I can tell, it seems like we can do 1 or the
>> other, but not both. It may be possible with a different Radius server
>> from what I’ve read (Cisco ACS seems to have a wizard for
>> this), but I’m wondering if anyone is doing this today using MSoft’s
>> radius server?
>>
>>
>>
>> Any info you can provide is appreciated.
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>> Matt
>>
>>
>>
>> ********** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
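
Added example, not part of the original thread or any poster's configuration: the thread describes the computer and the user authenticating as two separate RADIUS transactions, so one way to check "this user on this computer" after the fact is to correlate the two in the RADIUS logs. The record layout below is constructed for illustration (it is not the NPS log file format), and it assumes that computer logons carry a `host/` User-Name and that both logons share a Calling-Station-Id (the client MAC).

```python
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, User-Name, Calling-Station-Id, result).
# Simplified layout for illustration only, not the NPS log file format.
SAMPLE = [
    ("2013-02-07 08:00:05", "host/LAB-PC01.example.edu", "00-11-22-33-44-55", "accept"),
    ("2013-02-07 08:01:10", "EXAMPLE\\alice", "00-11-22-33-44-55", "accept"),
    ("2013-02-07 08:02:00", "EXAMPLE\\bob", "66-77-88-99-AA-BB", "accept"),
    ("2013-02-07 08:03:00", "host/LAB-PC02.example.edu", "CC-DD-EE-FF-00-11", "reject"),
    ("2013-02-07 08:03:30", "EXAMPLE\\carol", "CC-DD-EE-FF-00-11", "accept"),
    ("2013-02-07 20:30:00", "EXAMPLE\\dave", "00-11-22-33-44-55", "accept"),
]

def is_machine(user_name):
    # Assumption: computer accounts authenticate with a "host/" identity.
    return user_name.lower().startswith("host/")

def norm_mac(mac):
    # Strip separators so 00-11-.. and 00:11:.. compare equal.
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def correlate(records, window=timedelta(hours=8)):
    """Return (paired, unpaired) user logons.

    A user logon is paired when the same client MAC had an accepted
    computer authentication no more than `window` before it.
    """
    last_machine = {}  # MAC -> (time, computer identity)
    paired, unpaired = [], []
    rows = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), u, norm_mac(m), r)
                  for ts, u, m, r in records)
    for when, user, mac, result in rows:
        if result != "accept":
            continue  # a rejected attempt proves nothing about the device
        if is_machine(user):
            last_machine[mac] = (when, user)
            continue
        seen = last_machine.get(mac)
        if seen and when - seen[0] <= window:
            paired.append((user, seen[1], mac))
        else:
            unpaired.append((user, mac))
    return paired, unpaired

if __name__ == "__main__":
    ok, review = correlate(SAMPLE)
    for user, host, mac in ok:
        print(f"OK      {user} on {host} ({mac})")
    for user, mac in review:
        print(f"REVIEW  {user} from {mac}: no recent computer auth")
```

Calling-Station-Id is supplied by the client and a MAC can be cloned, so an unpaired user logon is the useful signal here; a paired one is only a weak indication that the device is a domain PC.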