Auth through EAP-TLS for non-domain printer
I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.
Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.
In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.
I have read that the device needs to be part of the domain to authenticate.
Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.
certificate tls radius
add a comment |
I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.
Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.
In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.
I have read that the device needs to be part of the domain to authenticate.
Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.
certificate tls radius
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11
add a comment |
I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.
Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.
In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.
I have read that the device needs to be part of the domain to authenticate.
Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.
certificate tls radius
I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.
Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.
In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.
I have read that the device needs to be part of the domain to authenticate.
Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.
certificate tls radius
certificate tls radius
edited Dec 28 '18 at 16:29
Mureinik
2,36561625
2,36561625
asked Dec 28 '18 at 16:20
AuthAuth
61
61
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11
add a comment |
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Do your NPAS logs show what user account specifically the printer is trying to use?
– grawity
Dec 28 '18 at 16:32
@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.
– Auth
Dec 28 '18 at 20:11