Prepared for:
Securelink
Draaiboomstraat 6
2160 Wommelgem
Prepared by:
Wim De Smet
Version 1.0
Monday, 07 April 2008
Table of Contents
MACHINE CERTIFICATES
Create certificate at AD
Logging
Successful login
Failed login
Create certificate at AD
2. In the console tree, double-click Active Directory Users and Computers, right-
click the domain name in which your CA lives, and then click Properties.
3. On the Group Policy tab, click Default Domain Policy, and then click Edit.
Where?
8. To create a computer certificate for the CA computer, type the following at the
command prompt:
gpupdate /target:Computer
certificates.
this policy. When you look at the screenshot below, you will see that we recheck the
host check every 5 min.
Profile
Here we see that the compliance check is successful and that I meet the security
policies.
Logging
We can look at the logging of the Infranet Controller to see whether authentication
and the certificate check work.
Successful login
2007-11-07 15:54:22 - ic - [192.168.100.55]
securelink\wdesmet(Test8021X_Realm)[8021X role] - Connected to 192.168.100.55-
0:agentman port 0
You can clearly see that the machine certificate check is done before IP assignment!
Failed login
2007-11-07 15:46:50 - ic - [0.0.0.0] SECURELINK\wdesmet(Test8021X_Realm)[] -
Login failed. Reason: NoRoles
2007-11-07 15:46:50 - ic - [0.0.0.0] SECURELINK\wdesmet(Test8021X_Realm)[] -
Login failed from 00-17-A4-D6-A2-52 for
SECURELINK\wdesmet/Test8021X_Realm. All roles restricted.
2007-11-07 15:46:50 - ic - [0.0.0.0] wdesmet(Test8021X_Realm)[] - Host Checker
policy 'Certf_check' failed on host using 802.1X authentication for user 'wdesmet'.
Reason: '"Machine certificate has been revoked"'.
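The three failure records above describe a single login attempt. The following added example (not part of the original document or of the Infranet Controller) merges them into one finding that carries the client MAC address, the failed Host Checker policy and the reason. It assumes one log record per line in the layout of the excerpts shown here; the names `summarize_failures` and `account` are hypothetical.

```python
import re
from collections import defaultdict

# Record layout inferred from the log excerpts on this page; one record per
# line is an assumption (the excerpts above are wrapped by the page layout).
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - \S+ - \[(?P<ip>[^\]]*)\] "
    r"(?P<user>[^(]+)\((?P<realm>[^)]*)\)\[(?P<roles>[^\]]*)\] - (?P<msg>.*)$")
HC_FAIL = re.compile(
    r"Host Checker policy '(?P<policy>[^']+)' failed .*Reason: '\"?(?P<reason>[^\"']+)")
MAC = re.compile(r"Login failed from (?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

# Constructed sample: the page's excerpts re-joined to one record per line.
SAMPLE = r"""
2007-11-07 15:54:22 - ic - [192.168.100.55] securelink\wdesmet(Test8021X_Realm)[8021X role] - Connected to 192.168.100.55-0:agentman port 0
2007-11-07 15:46:50 - ic - [0.0.0.0] SECURELINK\wdesmet(Test8021X_Realm)[] - Login failed. Reason: NoRoles
2007-11-07 15:46:50 - ic - [0.0.0.0] SECURELINK\wdesmet(Test8021X_Realm)[] - Login failed from 00-17-A4-D6-A2-52 for SECURELINK\wdesmet/Test8021X_Realm. All roles restricted.
2007-11-07 15:46:50 - ic - [0.0.0.0] wdesmet(Test8021X_Realm)[] - Host Checker policy 'Certf_check' failed on host using 802.1X authentication for user 'wdesmet'. Reason: '"Machine certificate has been revoked"'.
""".strip().splitlines()

def account(user):
    """Strip the domain prefix and case so both spellings of a user group together."""
    return user.rsplit("\\", 1)[-1].strip().lower()

def summarize_failures(lines):
    """Merge the failure records of one login attempt into a single finding.
    Grouping on the exact timestamp is a simplification for this sample."""
    found = defaultdict(lambda: {"mac": None, "policy": None, "reason": None, "no_roles": False})
    for line in lines:
        rec = RECORD.match(line.strip())
        if rec is None:
            continue  # unparseable or wrapped line: skip rather than guess
        msg = rec["msg"]
        hc, mac = HC_FAIL.search(msg), MAC.search(msg)
        if not (hc or mac or msg.startswith("Login failed")):
            continue  # successful or unrelated record
        entry = found[(rec["ts"], account(rec["user"]), rec["realm"])]
        if hc:
            entry["policy"], entry["reason"] = hc["policy"], hc["reason"]
        if mac:
            entry["mac"] = mac["mac"]
        if "NoRoles" in msg or "All roles restricted" in msg:
            entry["no_roles"] = True
    return dict(found)

if __name__ == "__main__":
    for key, info in summarize_failures(SAMPLE).items():
        print(key, info)
```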
You can now see that I don’t have access anymore, and the client tells me that I
failed one or more security policies. If I want to know why, I can click on the link to
see why: