ExtremeCloud IQ- Site Engine & Extreme Management Center

Kerberos authentication with nac: change user or logout at the end system

  • 1.  Kerberos authentication with nac: change user or logout at the end system

    Posted 10-23-2018 12:38

    Hello community,

    I´m testing NAC authentication with kerberos from X440-G2-switches.

    I have a few questions/issues:

    1. If I log on to a windows client against the AD, I see the session in the cli of the switch with show identity-management entries, but it will disappear after few minutes, even the PC is active and logged in. Is this okay?

    2. After logging in to the PC, I can see the username in NAC. But when I log out from the PC, I still see the username and the end system is accepted based on this.

    3. If I logout from the client and login with another user, I see the active user in the cli of the switch, but I have to reauthenticate the End System in NAC to see the other user that is currently logged in.

    I think, the switch should sent something like a notification to the NAC, if users log out or there is an user change. Is this possible?

    If there is a similiar post in the hub, please show me the link. I´ve searched the forum, but didn´t found any suitable topic.

    Thanks in advance for your replies!

    Kind Regards, Ralf