Issue with Symantec Network Access Control and Active Directory
Dear Colleagues,
I'm facing a problem when implementing the SNAC solution.
Here is our environment:
1. All endpoint computers join one domain,
2. We use Full 802.1x Mode - With RADIUS authentication.
3. Client computers are 802.1x enabled and configured with PEAP with MSCHAPv2 authentication.
4. Users' domain account password can be modified by a web application.
Imagine this scenario:
When a user modifies his password through the web application, how could he log on to his computer with his new password?
To my understanding, after the user types the username and new password to log on, the client computer cannot contact the domain controllers yet because SNAC will block it, thus authentication will fail. Am I right?
If it does, how to deal with such a situation?
Any comments are appreciated.
Regards
Ethan
Comments
Ethan
have you tried this already?
I think it should work fine this way,
because there is a re-authentication setting in the switch, normally 60s or longer...
-> after the user changed the password,
-> the machine should be able to connect with the domain controller before the next authentication, and the user credentials should be able to be updated
Hi Figo,
Thanks for your comments
Yes, I tried and it did not pass, but we did not set re-authentication on the switch.
Finally, we used an alternative
-- turned on machine authentication on IAS and passed this scenario
Great idea, please continue to contribute and share your ideas here.
Cheers
Figo