locked
MAC Addresses in AD RRS feed

  • Question

  • we've managed to pass all mac based authentication to another NPS installed on entierly different AD which no password policy so that user with name as mac addresses as well password as mac address can be authenticated through that ( which not possible in production AD due to strict password policy ). And that's working also.

    Howerver some 3COM swithces models are sending MAC as upper case and some as lower case.

    We often have to change the password case in AD when the switch need to be replaced between models so that end devices can be exempted safely.

    We tried to use the attribute change and replace rule in connection policy but that controls only username part not the password.

    If there is a way that Active Directory can be made to treat passwords as case insensitive

    OR

    NPS can convert all mac based passwords to either upper case or lower case in all cases

    so that we will be out of this inconvenience.

    Relevent response would be very appreciated. No links to documentation plz.

     

     


    Shahid Roofi
    Thursday, June 16, 2011 4:46 PM

Answers

  • Don't let 3COM read or hear about your comments above.

    We took it up with them. They have a good reason for it along with reference of thousands of other switches brands and we found them to be correct.

    It is MS missing the provision in NPS to handle this.

    But good part on MS is, extension is possible for NPS which can help achieve the same using custom code.

    And that we are moving to now and is the only viable solution path of such scenario whoever faces.


    Shahid Roofi
    • Marked as answer by Shahid Roofi Friday, June 24, 2011 9:52 AM
    Friday, June 24, 2011 9:52 AM

All replies

  • Hi Shahid,

     

    Thanks for posting here.

     

    > Howerver some 3COM swithces models are sending MAC as upper case and some as lower case.

    This is quite abnormal. If you can confirm that the user name and password have been set in correct character case , I suspect some misconfigurations on your switch must cause this issue, you may consult with 3COM supporting service to recheck your switch settings and make sure they will be set to send credentials in original character case .

     

    In the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, create a user account for each MAC address for which you want to provide MAC address authorization. The name of the user account must match the MAC address of the network adapter installed in the computer from which the user is connecting. The format of the password assigned to the account is determined by the network access server vendor. Review the network access server documentation to determine the appropriate password.

     

    Thanks.

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, June 20, 2011 7:15 AM
  • Hi Shahid,

    Please feel free to let us know if the information was helpful to you.

    Thanks,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, June 23, 2011 11:00 AM
  • Don't let 3COM read or hear about your comments above.

    We took it up with them. They have a good reason for it along with reference of thousands of other switches brands and we found them to be correct.

    It is MS missing the provision in NPS to handle this.

    But good part on MS is, extension is possible for NPS which can help achieve the same using custom code.

    And that we are moving to now and is the only viable solution path of such scenario whoever faces.


    Shahid Roofi
    • Marked as answer by Shahid Roofi Friday, June 24, 2011 9:52 AM
    Friday, June 24, 2011 9:52 AM