Hi,

are you talking about the hostname from the hostname colomn in NAC Mgr or
the hostname, i.e. "host/pcname123" from the username colomn?

If you do user authentication, i.e. 802.1X PEAP, or machine/host
authentication, i.e. 802.1X EAP-TLS, both times the important
"username/hostname" is found in the "username" colomn, not "hostname"
colomn in NAC Mgr.

The hostname colomn information is not used for 802.1x authentication, the
username information from the username colomn is the important/interesting
one which is used and needed for 802.1x.

Thanks in advance.

Kind regards,

Markus


___________________________

On 02.07.2013, at 08:37, "Read, Simon" <***@nashua-communications.com>
wrote:

Hi All,



I’ve been monitoring the wired NAC roll-out to one of our departments. All
going pretty well, but every now and again a PC will attempt to
authenticate using it’s hostname, rather than the username, and gets a
Reject. The ICT guys have been disconnecting the PC to get it to
re-authenticate again.



Has anybody seen this behaviour before and can you suggest a way to prevent
or ignore the hostname being sent?





*Simon Read*

*Service Engineer***



*Nashua Communications (Pty) Ltd.*

Unit 10 Growthpoint Business Park,

No 2 Tonnetti Street, Midrand, 1685

Cell: +27 (0)84 676 9200

DDI:+27 (0)10 001 3042

Fax: +27 (0)10 001 2500

***@nashua-communications.com<***@nashua-communications.com>

www.nashua-communications.com



<image001.gif>



Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights
attaching to it are, unless the context clearly indicates otherwise, the
property of Nashua Communications. It is confidential, private and intended
for the addressee only. If you are not the intended recipient and receive
this communication in error, you are hereby notified that any review,
copying, use, discloser or distribution in any manner whatsoever is
strictly prohibited. Please notify the sender immediately that you have
received this e-mail in error and delete the e-mail and any copies of it.
Views and opinions expressed in this e-mail are those of the sender unless
clearly stated as those of Nashua Communications. Nashua Communications
accepts no liability for any loss or damage whatsoever, and howsoever
incurred or suffered resulting or arising from the use of this e-mail
communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail
communication nor that it is free of errors, viruses, interception or
interference.
Nashua Communications, its divisions and subsidiary companies expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No
data message or electronic communication will be recognised as having a
legal contractual status under the ECT Act. All agreements concluded by
Nashua Communications will only be legally binding when reduced to physical
writing and physically signed by a duly authorised representative of Nashua
Communications.

For more information about Nashua Communications, visit our website at
www.nashuacommunications.co.za


*Disclaimer*

The information contained in this communication from the sender is
confidential. It is intended solely for use by the recipient and others
authorized to receive it. If you are not the recipient, you are hereby
notified that any disclosure, copying, distribution or taking action in
relation of the contents of this information is strictly prohibited and may
be unlawful.

This email has been scanned for viruses and malware, and automatically
archived by *Mimecast SA (Pty) Ltd*, an innovator in Software as a Service
(SaaS) for business. *Mimecast Unified Email Management ™ (UEM)* offers
email continuity, security, archiving and compliance with all current
legislation. To find out more, contact Mimecast<http://www.mimecast.co.za/uem>.
itevomcid


- --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@enterasys.com

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Hi Markus,

Thanks for the feedback. When I see the Reject, the hostname appears in the username column. When the PC logs in successfully the username column is populated with the correct username.

Does it look like a setting on our PC's that needs to change?

Simon Read
Service Engineer

Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>

[Description: Nashua Communications EMAIL Logo2.gif]

From: Markus Kaiser [mailto:***@enterasys.com]
Sent: 02 July 2013 09:12 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] - NAC - 802.1x attempts by hostname rather than username get a reject

Hi,

are you talking about the hostname from the hostname colomn in NAC Mgr or the hostname, i.e. "host/pcname123" from the username colomn?

If you do user authentication, i.e. 802.1X PEAP, or machine/host authentication, i.e. 802.1X EAP-TLS, both times the important "username/hostname" is found in the "username" colomn, not "hostname" colomn in NAC Mgr.

The hostname colomn information is not used for 802.1x authentication, the username information from the username colomn is the important/interesting one which is used and needed for 802.1x.

Thanks in advance.

Kind regards,

Markus


___________________________

On 02.07.2013, at 08:37, "Read, Simon" <***@nashua-communications.com<mailto:***@nashua-communications.com>> wrote:
Hi All,

I've been monitoring the wired NAC roll-out to one of our departments. All going pretty well, but every now and again a PC will attempt to authenticate using it's hostname, rather than the username, and gets a Reject. The ICT guys have been disconnecting the PC to get it to re-authenticate again.

Has anybody seen this behaviour before and can you suggest a way to prevent or ignore the hostname being sent?


Simon Read
Service Engineer

Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>

<image001.gif>


Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.

For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za<http://www.nashuacommunications.co.za>


Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (tm) (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, contact Mimecast<http://www.mimecast.co.za/uem>. itevomcid

* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@enterasys.com<mailto:***@enterasys.com>

* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@nashua-communications.com<mailto:***@nashua-communications.com>

Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.

For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Hi,

Try to set User authentication on Authentication Tab in Properties of the Wired LAN (Windows Settings).

Regards
Pawel
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Hi Simon,

what is the authentication method for that host, which is shown in NAC Mgr
- I think 802.1X EAP-TLS?

Or does it say 802.1X Identity.
Further right in the line of that host, does it say something about "radius
request became stale", "system is miscconfigured" or "authentication
request rejected by radius server"?

Maybe you can mark the line of that host, right-click -> Table Tools ->
Copy selected row and send it via email.

For 802.1X EAP-TLS you will either need a (Web-Server) Certificate on the
NAC appliance or you need to proxy the radius authentication request to a
backend radius server (i.e. MS IAS server, freeRadius), which is configured
to authenticate machine certificates.

Thanks in advance.

Markus

___________________________

On 02.07.2013, at 09:22, "Read, Simon" <***@nashua-communications.com>
wrote:

Hi Markus,



Thanks for the feedback. When I see the Reject, the hostname appears in the
username column. When the PC logs in successfully the username column is
populated with the correct username.



Does it look like a setting on our PC’s that needs to change?



*Simon Read*

*Service Engineer***



*Nashua Communications (Pty) Ltd.*

Unit 10 Growthpoint Business Park,

No 2 Tonnetti Street, Midrand, 1685

Cell: +27 (0)84 676 9200

DDI:+27 (0)10 001 3042

Fax: +27 (0)10 001 2500

***@nashua-communications.com<***@nashua-communications.com>

www.nashua-communications.com



<image001.gif>



*From:* Markus Kaiser [mailto:***@enterasys.com <***@enterasys.com>]

*Sent:* 02 July 2013 09:12 AM
*To:* Enterasys Customer Mailing List
*Subject:* Re: [enterasys] - NAC - 802.1x attempts by hostname rather than
username get a reject



Hi,



are you talking about the hostname from the hostname colomn in NAC Mgr or
the hostname, i.e. "host/pcname123" from the username colomn?



If you do user authentication, i.e. 802.1X PEAP, or machine/host
authentication, i.e. 802.1X EAP-TLS, both times the important
"username/hostname" is found in the "username" colomn, not "hostname"
colomn in NAC Mgr.



The hostname colomn information is not used for 802.1x authentication, the
username information from the username colomn is the important/interesting
one which is used and needed for 802.1x.



Thanks in advance.



Kind regards,



Markus



___________________________


On 02.07.2013, at 08:37, "Read, Simon" <***@nashua-communications.com>
wrote:

Hi All,



I’ve been monitoring the wired NAC roll-out to one of our departments. All
going pretty well, but every now and again a PC will attempt to
authenticate using it’s hostname, rather than the username, and gets a
Reject. The ICT guys have been disconnecting the PC to get it to
re-authenticate again.



Has anybody seen this behaviour before and can you suggest a way to prevent
or ignore the hostname being sent?





*Simon Read*

*Service Engineer*



*Nashua Communications (Pty) Ltd.*

Unit 10 Growthpoint Business Park,

No 2 Tonnetti Street, Midrand, 1685

Cell: +27 (0)84 676 9200

DDI:+27 (0)10 001 3042

Fax: +27 (0)10 001 2500

***@nashua-communications.com<***@nashua-communications.com>

www.nashua-communications.com



<image001.gif>



Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights
attaching to it are, unless the context clearly indicates otherwise, the
property of Nashua Communications. It is confidential, private and intended
for the addressee only. If you are not the intended recipient and receive
this communication in error, you are hereby notified that any review,
copying, use, discloser or distribution in any manner whatsoever is
strictly prohibited. Please notify the sender immediately that you have
received this e-mail in error and delete the e-mail and any copies of it.
Views and opinions expressed in this e-mail are those of the sender unless
clearly stated as those of Nashua Communications. Nashua Communications
accepts no liability for any loss or damage whatsoever, and howsoever
incurred or suffered resulting or arising from the use of this e-mail
communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail
communication nor that it is free of errors, viruses, interception or
interference.
Nashua Communications, its divisions and subsidiary companies expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No
data message or electronic communication will be recognised as having a
legal contractual status under the ECT Act. All agreements concluded by
Nashua Communications will only be legally binding when reduced to physical
writing and physically signed by a duly authorised representative of Nashua
Communications.

For more information about Nashua Communications, visit our website at
www.nashuacommunications.co.za



*Disclaimer*

The information contained in this communication from the sender is
confidential. It is intended solely for use by the recipient and others
authorized to receive it. If you are not the recipient, you are hereby
notified that any disclosure, copying, distribution or taking action in
relation of the contents of this information is strictly prohibited and may
be unlawful.

This email has been scanned for viruses and malware, and automatically
archived by *Mimecast SA (Pty) Ltd*, an innovator in Software as a Service
(SaaS) for business. *Mimecast Unified Email Management ™ (UEM)* offers
email continuity, security, archiving and compliance with all current
legislation. To find out more, contact Mimecast<http://www.mimecast.co.za/uem>.
itevomcid

- --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@enterasys.com


- --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@nashua-communications.com

Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights
attaching to it are, unless the context clearly indicates otherwise, the
property of Nashua Communications. It is confidential, private and intended
for the addressee only. If you are not the intended recipient and receive
this communication in error, you are hereby notified that any review,
copying, use, discloser or distribution in any manner whatsoever is
strictly prohibited. Please notify the sender immediately that you have
received this e-mail in error and delete the e-mail and any copies of it.
Views and opinions expressed in this e-mail are those of the sender unless
clearly stated as those of Nashua Communications. Nashua Communications
accepts no liability for any loss or damage whatsoever, and howsoever
incurred or suffered resulting or arising from the use of this e-mail
communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail
communication nor that it is free of errors, viruses, interception or
interference.
Nashua Communications, its divisions and subsidiary companies expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No
data message or electronic communication will be recognised as having a
legal contractual status under the ECT Act. All agreements concluded by
Nashua Communications will only be legally binding when reduced to physical
writing and physically signed by a duly authorised representative of Nashua
Communications.

For more information about Nashua Communications, visit our website at
www.nashuacommunications.co.za


- --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@enterasys.com

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Hi Simon,

Of course set this on workstations :)

Regards
Paweł
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Hi,

Pawel is right, this should be checked as well, if you only want to use
user authentication (802.1X PEAP, single sign on) and not machine/host
authentication.

Pawel described it right for Windows 7 machines for example, if you have
Windows XP SP3 then you might want to check the 802.1X settings (if machine
or/and user auth is enabled) lile described at following site:

http://support.microsoft.com/kb/929847

Thanks.

Kind regards,

Markus


___________________________

On 02.07.2013, at 09:36, "Pawe³ Kuleszyñski" <***@krakowairport.pl>
wrote:

Hi,

Try to set User authentication on Authentication Tab in Properties of the
Wired LAN (Windows Settings).

Regards
Pawel

Wiadomo¶æ napisana przez Read, Simon w dniu 2 lip 2013, o godz. 09:18:

Hi Markus,


Thanks for the feedback. When I see the Reject, the hostname appears in the
username column. When the PC logs in successfully the username column is
populated with the correct username.


Does it look like a setting on our PC's that needs to change?


Simon Read

Service Engineer


Nashua Communications (Pty) Ltd.

Unit 10 Growthpoint Business Park,

No 2 Tonnetti Street, Midrand, 1685

Cell: +27 (0)84 676 9200

DDI:+27 (0)10 001 3042

Fax: +27 (0)10 001 2500

***@nashua-communications.com

www.nashua-communications.com


<image001.gif>


From: Markus Kaiser [mailto:***@enterasys.com <***@enterasys.com>]

Sent: 02 July 2013 09:12 AM

To: Enterasys Customer Mailing List

Subject: Re: [enterasys] - NAC - 802.1x attempts by hostname rather than
username get a reject


Hi,


are you talking about the hostname from the hostname colomn in NAC Mgr or
the hostname, i.e. "host/pcname123" from the username colomn?


If you do user authentication, i.e. 802.1X PEAP, or machine/host
authentication, i.e. 802.1X EAP-TLS, both times the important
"username/hostname" is found in the "username" colomn, not "hostname"
colomn in NAC Mgr.


The hostname colomn information is not used for 802.1x authentication, the
username information from the username colomn is the important/interesting
one which is used and needed for 802.1x.


Thanks in advance.


Kind regards,


Markus



___________________________


On 02.07.2013, at 08:37, "Read, Simon" <***@nashua-communications.com>
wrote:


Hi All,


I've been monitoring the wired NAC roll-out to one of our departments. All
going pretty well, but every now and again a PC will attempt to
authenticate using it's hostname, rather than the username, and gets a
Reject. The ICT guys have been disconnecting the PC to get it to
re-authenticate again.


Has anybody seen this behaviour before and can you suggest a way to prevent
or ignore the hostname being sent?



Simon Read

Service Engineer


Nashua Communications (Pty) Ltd.

Unit 10 Growthpoint Business Park,

No 2 Tonnetti Street, Midrand, 1685

Cell: +27 (0)84 676 9200

DDI:+27 (0)10 001 3042

Fax: +27 (0)10 001 2500

***@nashua-communications.com

www.nashua-communications.com


<image001.gif>


Disclaimer and Confidentiality Note


This e-mail communication, its attachments, if any, and any rights
attaching to it are, unless the context clearly indicates otherwise, the
property of Nashua Communications. It is confidential, private and intended
for the addressee only. If you are not the intended recipient and receive
this communication in error, you are hereby notified that any review,
copying, use, discloser or distribution in any manner whatsoever is
strictly prohibited. Please notify the sender immediately that you have
received this e-mail in error and delete the e-mail and any copies of it.
Views and opinions expressed in this e-mail are those of the sender unless
clearly stated as those of Nashua Communications. Nashua Communications
accepts no liability for any loss or damage whatsoever, and howsoever
incurred or suffered resulting or arising from the use of this e-mail
communication and/or its attachments.


Nashua Communications does not warrant the integrity of this e-mail
communication nor that it is free of errors, viruses, interception or
interference.

Nashua Communications, its divisions and subsidiary companies expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No
data message or electronic communication will be recognised as having a
legal contractual status under the ECT Act. All agreements concluded by
Nashua Communications will only be legally binding when reduced to physical
writing and physically signed by a duly authorised representative of Nashua
Communications.


For more information about Nashua Communications, visit our website at
www.nashuacommunications.co.za




Disclaimer


The information contained in this communication from the sender is
confidential. It is intended solely for use by the recipient and others
authorized to receive it. If you are not the recipient, you are hereby
notified that any disclosure, copying, distribution or taking action in
relation of the contents of this information is strictly prohibited and may
be unlawful.


This email has been scanned for viruses and malware, and automatically
archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service
(SaaS) for business.Mimecast Unified Email Management (tm) (UEM) offers email
continuity, security, archiving and compliance with all current
legislation. To find out more, contact Mimecast. itevomcid


* --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@enterasys.com

* --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@nashua-communications.com

Disclaimer and Confidentiality Note


This e-mail communication, its attachments, if any, and any rights
attaching to it are, unless the context clearly indicates otherwise, the
property of Nashua Communications. It is confidential, private and intended
for the addressee only. If you are not the intended recipient and receive
this communication in error, you are hereby notified that any review,
copying, use, discloser or distribution in any manner whatsoever is
strictly prohibited. Please notify the sender immediately that you have
received this e-mail in error and delete the e-mail and any copies of it.
Views and opinions expressed in this e-mail are those of the sender unless
clearly stated as those of Nashua Communications. Nashua Communications
accepts no liability for any loss or damage whatsoever, and howsoever
incurred or suffered resulting or arising from the use of this e-mail
communication and/or its attachments.


Nashua Communications does not warrant the integrity of this e-mail
communication nor that it is free of errors, viruses, interception or
interference.

Nashua Communications, its divisions and subsidiary companies expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No
data message or electronic communication will be recognised as having a
legal contractual status under the ECT Act. All agreements concluded by
Nashua Communications will only be legally binding when reduced to physical
writing and physically signed by a duly authorised representative of Nashua
Communications.


For more information about Nashua Communications, visit our website at
www.nashuacommunications.co.za



* --To unsubscribe from enterasys, send email to ***@unc.edu with
the body: unsubscribe enterasys ***@krakowairport.pl



---
To unsubscribe from enterasys, send email to ***@unc.edu with the
body: unsubscribe enterasys ***@enterasys.com

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

It's the default behaviour of windows machines to attempt host based authentication if no username is provided. You can disable this by setting username only authentication in the advanced 802.1x settings.

On 02/07/2013, at 5:18 PM, "Read, Simon" <***@nashua-communications.com<mailto:***@nashua-communications.com>> wrote:

Hi Markus,

Thanks for the feedback. When I see the Reject, the hostname appears in the username column. When the PC logs in successfully the username column is populated with the correct username.

Does it look like a setting on our PC’s that needs to change?

Simon Read
Service Engineer

Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>

<image001.gif>

From: Markus Kaiser [mailto:***@enterasys.com<http://enterasys.com>]
Sent: 02 July 2013 09:12 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] - NAC - 802.1x attempts by hostname rather than username get a reject

Hi,

are you talking about the hostname from the hostname colomn in NAC Mgr or the hostname, i.e. "host/pcname123" from the username colomn?

If you do user authentication, i.e. 802.1X PEAP, or machine/host authentication, i.e. 802.1X EAP-TLS, both times the important "username/hostname" is found in the "username" colomn, not "hostname" colomn in NAC Mgr.

The hostname colomn information is not used for 802.1x authentication, the username information from the username colomn is the important/interesting one which is used and needed for 802.1x.

Thanks in advance.

Kind regards,

Markus


___________________________

On 02.07.2013, at 08:37, "Read, Simon" <***@nashua-communications.com<mailto:***@nashua-communications.com>> wrote:
Hi All,

I’ve been monitoring the wired NAC roll-out to one of our departments. All going pretty well, but every now and again a PC will attempt to authenticate using it’s hostname, rather than the username, and gets a Reject. The ICT guys have been disconnecting the PC to get it to re-authenticate again.

Has anybody seen this behaviour before and can you suggest a way to prevent or ignore the hostname being sent?


Simon Read
Service Engineer

Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>

<image001.gif>


Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.

For more information about Nashua Communications, visit our website atwww.nashuacommunications.co.za<http://www.nashuacommunications.co.za>


Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management ™ (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, contact Mimecast<http://www.mimecast.co.za/uem>. itevomcid

* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu>with the body: unsubscribe enterasys ***@enterasys.com<mailto:***@enterasys.com>

* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@nashua-communications.com<mailto:***@nashua-communications.com>

Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.

For more information about Nashua Communications, visit our website atwww.nashuacommunications.co.za<http://www.nashuacommunications.co.za>


* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@une.edu.au<mailto:***@une.edu.au>

--
Lucas Hazel <***@une.edu.au<mailto:***@une.edu.au>>

Communications Systems Officer (Networks)
Infrastructure Services Group

Information Technology
University of New England
Armidale NSW 2351

Phone +61267732666
Mobile +61407569330


---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Thanks Pawel and all that replied,

I just worked that out after going over the setting with my PC colleagues. The setting was to use the computer or user credentials. They're going to push it as a Policy update and test.

Certainly makes sense!

Simon Read
Service Engineer

Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84  676 9200
DDI:+27 (0)10 001 3042
Fax: +27  (0)10 001 2500
***@nashua-communications.com
www.nashua-communications.com




-----Original Message-----
From: Pawe³ Kuleszyñski [mailto:***@krakowairport.pl]
Sent: 02 July 2013 09:42 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] - NAC - 802.1x attempts by hostname rather than username get a reject

Hi Simon,

Of course set this on workstations :)

Regards
Pawe³
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys ***@nashua-communications.com

Disclaimer and Confidentiality Note

This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.

Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.

For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za



Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, visit http://www.mimecast.co.za/uem.
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org