Hi all,
I've found a couple of posts relating to this issue but I'm not sure about the version of Windows used in the "windows 2008 and microsoft native agent issue" post.
'Rabbit' responded in that post with the following:
In addition to allowing nt4 crypto, you will also have to configure the DC to send LM & NTLM responses as it has been disabled by default in Server 2008 and our Samba code requires it.
I was fairly sure that I got this working about a year ago in staging, but now that I need to get it happening in production I can't remember how!
I'm using an IC4000 with 4.0R3 and trying to get the native Win7 and other 802.1x supplicants to authenticate using MS-CHAP-V2. The system is completely functional the second I point it to a 2003 server.
Is the note above what I'm after?
As Rich said, for Windows 2008R1, you need to allow NT4 crypto and NTLM response.
Windows 2008R2 is *NOT* supported yet for MSCHAPv2 and machine authentication.
It is supported from IC version 4.2, which is now in BETA.
It would be available officially by end of February or early March 2012.
Regards,
Raveen
About the workaround for 2008R1, please refer to KB14345.
For the 2008R2 issue, we have a PSN for this: PSN-2010-09-936: Juniper Networks Unified Access Control (UAC) IC Appliance issue with Microsoft Win...
Regards,
Raveen
Note: You could mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!
Hi, can you please update us when IC 4.2 will be officially available? Do you support IC 4.2 Beta2 in a production environment?
Hi,
IC 4.2 is likely to be officially available by end of this month.
Please wait until the end of this month to add a 4.2 appliance in production.
However, beta testing in lab is highly appreciated.
Regards,
Raveen
Hi Raveen,
I have seen your posts and found that you are well educated in IC implementation.
I am a bit new to IC deployment with regards to 802.1x with the native supplicant of Windows. I have an SoH license for host checker. Customer perhaps has 2008R2.
Can you please guide me to do this implementation in some step by step manner or refer a relevant KB that can help me doing this easily.
I will really appreciate your help.
Awaiting an urgent response.
Thanks and regards,
Hi Fahad,
Windows native supplicant uses EAP-MSCHAPv2 as the authentication protocol.
Currently, IC can't work well with Windows 2008R2 for EAP-MSCHAPv2.
IC version 4.2 supports 2008R2 for EAP-MSCHAPv2 authentication.
It is likely to be released in a couple of weeks.
Regards,
Raveen
Note: If this answers your question, you could mark this as accepted solution, that way it helps others. Kudos is a bonus thanks!
Thanks for the prompt response.
OK, let's assume the customer is using 2008R1 or earlier. Please guide me through the steps I need to do on UAC and the switch for 802.1x with AD and DHCP with SSO in the environment.
Thanks for the help
regards,
Hi Fahad,
Basic steps are as below:
1. Add a RADIUS client in IC with the right secret_key that you configured in the switch.
2. Map the RADIUS client to a Location group, assign a sign-in URL.
3. The sign-in URL should have a realm containing your authentication server, and have role mapping rules.
For more details on how to configure the above, please refer to the IC administration guide.
http://www.juniper.net/techpubs/software/uac/4.1xguides/j-ic-uac-4.1-adminguide.pdf
http://www.juniper.net/techpubs/software/uac/4.1xguides/j-ic-uac-4.1-deployment.pdf
For your use-case, please contact your SE or engage the PS (professional services) team.
Regards,
Raveen
Dear Raveen,
Thank you so much for the post. I have been going through the Admin guide. It's a great resource.
Is there any catch with Single Sign-on? How to use machine authentication with certificates?
By the way, why would we browse the forums like JNET, if we always need expensive professional services?
JNET has some real champions like you and we appreciate your support.
Thanks and regards,