Not as far as I have been able to tell per how windoze handles it. I asked this a while back, and short answer is no.
Working in an enterprise wireless environment, of course windoze does this (only at boot/logout), macs do this too (somewhat poorly), but there is nothing analogous in linux directly. I worked with setting up a system-level profile (using the "All users may connect to this network" setting under the profile) for machine certs gotten from M$ Ent CA that would be used by default, but honestly I couldn't get NM to work right with the certs and gave up before leaving the company.
I found prior ubuntu 12.04 wouldn't for whatever reason invoke that profile without login, bumping it up to 13.10 fixed it, so ymmv here too. In theory, using a general "machine" or system profile should get the system online, and if doing role derivation ala Clearpass/ISE, should stick you in a suitable quarantine/restricted access to AD, and then once a user logs in, would then switch profiles to theirs specifically for full access. I never got to see this fully work due to apparently certificate bugs with NM for eap-tls, but that's another discussion.
I'd love to see this work, we had to do some hacks to get linux users on wireless, as part of our eap server policy was verifying the asset by machine auth, or an MDM in it's place. Since linux really doesn't do or have either, we ended up fudging it in as an MDM-trusted asset for blind trust and staying with PEAP passwords, but in a 3500 user company with 10 linux users, it was good enough.
Using machine authentication is almost worse anyways, as no client handles the transition well when role determines vlan access at the controller at a L2 level, even windoze without specifically coa bouncing the association hard (dhcp needs a link down/up to readdress). The whole business was messy honestly, and just taught me not to rely on machine auth.
It's be great to see this work still, but maybe something a company like Likewise/Powerbroker or Centrify can handle to emulate gpo-ish machine auth function like that for enterprise desktop linux to transition back and forth from computer or user credentials, hopefully working better than either win or mac.
-mb
On 04/03/2014 07:00 AM, Omer Faruk SEN wrote:
I am using RHEL 6.5 and I use NetworkManager-0.8.1-66.el6.x86_64Hello,I want to ask how can i use "Computer Authentication" on NetworkManager-0.8.1. Is this a supported mode? If so where can i configure it on the NM GUI?
I want to state that RHEL 6.5 has joined to Microsoft AD environment. On Windows environment we have :
As far as I see this is not possible on NM on any version but wanted to check it.
Regards.
_______________________________________________ networkmanager-list mailing list networkmanager-list gnome org https://mail.gnome.org/mailman/listinfo/networkmanager-list
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list