[c-nsp] 802.1x / EAPOL

Ben Setnick ben at ratbert.org
Tue Aug 30 21:17:38 EDT 2005


There are two Windows registry keys you will want to look at:

HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode
Controls how Windows decides whether to use User or Machine
credentials

HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode
Controls when Windows sends EAPoL messages

See this thread for details:
http://www.securityfocus.com/archive/88/408794/30/0/threaded



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manu Chao
Sent: Tuesday, August 30, 2005 3:53 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 802.1x / EAPOL

I am running 802.1x authentication and VLAN attribution on a LAN
environment (Microsoft 802.1x client on XP SP2) over 3750/6500 networks
+ ACS + Active Directory.
When a user logs in on an 802.1x computer, the 3750 port gets a VLAN from
ACS based on the user login.

The problem is that when a user logs on to a computer where the user account is not
yet created, there is no 802.1x request (EAPOL) and there is no way to
log in!
I need to modify the Microsoft registry in order to send an 802.1x
request by default even if the user account is not yet locally created on
the Microsoft computer.

Can somebody help me to modify the EAPOL registry?

Thanks in advance,
Manu Chao
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/ 
