Hi all,

I've just come across this thread while doing some searching, and it's exactly what I'd like to do with our network also ... so I'm really happy to see that it's possible! I just have a few questions though:

1. When you say that the authentication server must be AD and not LDAP - do you mean that a domain controller must authenticate the computer directly? Or can the computer authenticate against a Juniper UAC product (IC4000 in our case probably) which then passes the credentials to AD?
2. Can all of this be done over EAP without an IP address? Or does the machine require an IP address in order to do the computer authentication?
3. If it can be done without an IP address, can the machine do normal AD based "tasks" after it has successfully authenticated (and gotten an IP address) such as apply GPO etc?
4. I think the answer to this is yes (based on what I've read above) but is it also possible to authenticate the user after the computer has been authenticated?

Sorry, I realize this isn't my thread, but as it's related so closely to what I'm trying to do, I thought I'd reply here.

Thanks again