Network Access Protection 802.1X enforcement

  • Question

  • Hi,

    I set up a NAP test lab where I am using Win2k as the RADIUS server, certificate server and DNS, 2k8 as the NAP system health validator, and two Win7 systems as NAP clients.

    If I connect a Linux system that does not have a NAP agent to that network, what will happen?

    Can the NAP server give the Linux system full permission, or will that system be noncompliant?

    Thanks,
    Papai

    Sunday, September 26, 2010 7:11 AM

Answers

  • Hi papai,

    Thanks for posting here.

    In that case, you might take a look at the NAP clients for non-Windows systems.

    NAP clients for Linux and Macintosh are available

    http://blogs.technet.com/b/nap/archive/2008/12/16/nap-clients-for-linux-and-macintosh-are-available.aspx

    Thanks.

    Tiger Li


    Monday, September 27, 2010 8:01 AM
  • Hi,

    You can't use Windows Server 2000 for your RADIUS server if that is what you have. The RADIUS server must be NPS, which came out with Server 2008.

    If you use the NAP client posted by Tiger Li then it will report health status to NPS. Whether it is compliant or noncompliant depends on the status of the client and the SHA that is installed there. Note that you will also have to install the corresponding SHV on NPS as an add-on. The SHA can measure things like firewall status, antivirus, or what kinds of services are running.

    If your client is configured with all of these things, and you have installed the add-on for NPS, then the Linux client should report that it is compliant.

    If you don't install these things, then the client should authenticate with 802.1X and match a non NAP-capable policy. You can configure this policy to grant full access or to restrict access. By default the policy will restrict access.

    -Greg

    Monday, September 27, 2010 7:17 PM
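
The policy matching described in the answer above, as an added example that is not part of the original thread and is not NPS code: a simplified Python model showing which policy an agentless Linux client lands on, plus an audit that flags a non NAP-capable policy set to full access. The policy names, the fields and the first-match evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Simplified model (assumption, not NPS code): policies are checked in order
# and the first one whose conditions match decides the access level.
@dataclass(frozen=True)
class Policy:
    name: str                # constructed name
    nap_capable: bool        # condition: client reported health status
    healthy: Optional[bool]  # condition: SHV verdict; None = not evaluated
    access: str              # "full" or "restricted"

@dataclass(frozen=True)
class Client:
    name: str
    reports_health: bool      # NAP agent and SHA installed on the client
    passes_shv: bool = False  # matching SHV on NPS judged the client healthy

def evaluate(policies, client):
    """Return (policy name, access) for the first policy the client matches."""
    for p in policies:
        if p.nap_capable != client.reports_health:
            continue
        if p.healthy is not None and p.healthy != client.passes_shv:
            continue
        return p.name, p.access
    return None, "denied"  # nothing matched in this model

def audit(policies):
    """Names of policies that give full access to clients reporting no health."""
    return [p.name for p in policies
            if not p.nap_capable and p.access == "full"]

# Constructed policy sets: the restrictive default and a relaxed variant.
DEFAULT = [
    Policy("Compliant", True, True, "full"),
    Policy("Noncompliant", True, False, "restricted"),
    Policy("Non NAP-capable", False, None, "restricted"),
]
RELAXED = DEFAULT[:2] + [replace(DEFAULT[2], access="full")]

if __name__ == "__main__":
    linux = Client("linux-no-agent", reports_health=False)
    for label, policies in (("default", DEFAULT), ("relaxed", RELAXED)):
        print(label, evaluate(policies, linux), "audit:", audit(policies))
```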
