Kerberos authentication with NAC: change user or logout at the end system

  • Updated 3 weeks ago
Hello community,

I'm testing NAC authentication with Kerberos from X440-G2-switches.

Based on this article https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configured-Identity-Management-for-..., everything works fine, but I have a few questions/issues:

1. If I log on to a Windows client against the AD, I see the session in the CLI of the switch with show identity-management entries, but it will disappear after a few minutes, even though the PC is active and logged in. Is this okay?

2. After logging in to the PC, I can see the username in NAC. But when I log out from the PC, I still see the username and the end system is accepted based on this.

3. If I log out from the client and log in with another user, I see the active user in the CLI of the switch, but I have to reauthenticate the End System in NAC to see the other user that is currently logged in.

I think the switch should send something like a notification to the NAC if users log out or there is a user change. Is this possible?

If there is a similar post in the hub, please show me the link. I've searched the forum, but didn't find any suitable topic.

Thanks in advance for your replies!

Kind Regards, Ralf

Ralf


Posted 3 weeks ago
