The Novell Client 2 SP4 for Windows includes an Extensible Authentication Protocol (EAP) plug-in to the Microsoft Windows supplicant, which lets users authenticate through RADIUS to wireless access points and wired switches for added network security. Using FreeRADIUS as the RADIUS server, users can authenticate to their local machines, to eDirectory, and to 802.1X with the same set of credentials for a single sign-on experience.
When 802.1X authentication is enabled, the username and password entered in the Novell Login dialog box are first passed to the EAP plug-in module. An exchange of messages (PEAP/MSCHAPv2) between the Windows supplicant, the wireless access point/wired switch, and the RADIUS server allows network access if the correct credentials were entered. After the 802.1X authentication has succeeded, both the eDirectory and local logins take place just as they have in previous versions of the Novell Clients. If the 802.1X authentication fails, no access to the network is given, and the user will not be able to access the network.
The 802.1x authentication feature supports both wired and wireless connections. Only password-based authentication is supported (the Novell Client for Windows supports only PEAP with MSCHAPv2). Biometrics (non password-based) authentication types are not supported with this release. If you want certificate support, the Microsoft EAP plug-ins are sufficient and no Novell-specific EAP support is required.
The ability to browse for trees and servers in the Novell Login dialog box is not supported because the 802.1X port blocks all network access.
HINT:We recommend testing this functionality with user accounts that don't expire. There is a possibility that grace login messages won't display to users, which means that users might unknowingly exhaust their grace logins.
This configuration is intended for use only with the native 802.1x supplicant provided with Windows. We recommend that you install only the driver for your wireless adapter (that is, that you do not install other supplicants or utilities that come with wireless adapters). This is because such utilities often disable the wireless service in Windows. You should also make sure that thesetting is always enabled (to do this, right-click the wireless connection).
Right-click the Red N icon () in the notification area of the taskbar, then click.
In the Novell Client for Windows Properties dialog box, click thetab.
Selectin the box, then click .
Selectin the drop-down list, then click .
Click thetab, then select .
You can also select any of the following options:
Use 802.1X authentication during subsequent eDirectory-only logins: Causes 802.1X authentication to take place when a user logs in from the Red N, even if he or she is already logged in to the Windows workstation. If the user is not logged in, 802.1X authentication takes place even if this option is not selected.
Append Domain name to User name: Prepends the user’s domain to the username when the username is submitted to 802.1X. The format is DomainName/username. Use this option if the RADIUS server expects the domain name to precede the username. This options is normally used when IAS/AD is the RADIUS backend.
NOTE:Contextless login runs after you click.
Reboot the workstation for the changes to take effect.
After it is enabled, an Step 6) to control 802.1X authentication at login time.tab appears on the Novell Login dialog box when you click the tab. Use the options on the tab (see
To enabled wired 802.1x authentication on Windows, perform the following procedure. You must be logged in as an administrator to perform these steps.
Click thebutton in the lower left corner of the Windows desktop, then click .
Click, click , then double-click .
In the list of services, double-click.
From thedrop-down list, select .
Click thebutton under , then click .
Close theand windows.
In the Windows Control Panel, click, then click .
Clickin the left navigation panel.
Right-click your LAN connection, click, and then click the tab.
From thedrop-down list, select , and then click .
In the Protected EAP Properties dialog box, clear thecheck box.
Close the Network Connections window.