This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

show username in OneView if I do 802.1x with computer certificate

show username in OneView if I do 802.1x with computer certificate

Yves_Haslimann
New Contributor III

ā€Ž08-29-2017 08:26 AM

Hello everybody

have an extreme switch (x430-8p) which has configured port 1 like this:
configure netlogin vlan v0889-netlogin
enable netlogin dot1x mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 1 dot1x
enable netlogin ports 1 mac
configure netlogin ports 1 mode mac-based-vlans
configure netlogin ports 1 no-restart
enable netlogin authentication failure vlan ports 1
enable netlogin authentication service-unavailable vlan ports 1
configure netlogin authentication failure vlan vgast ports 1
configure netlogin authentication service-unavailable vlan vgast ports 1

On the Extreme NAC I have configured a 802.1x Policy:
Authentication: 802.1x (EAP-TLS)
user: LDAP User-group
Location: this switch (x430-8p)
Profile: returns a accept policy with a VLAN Tag.

This works fine so far.

But now, I see in OneView as user name only the computer name (host/xxxxx).
How can I get there the real username (for example. user.xy@domain.com).
Do I have to use Kerberos too?

Thank you,
Br, Yves

0 Kudos
5 REPLIES 5

Piotr_Szolkowsk
Extreme Employee

ā€Ž08-29-2017 09:08 AM

No you do not have to use Kerberos.

Most probably you did not enable Computer and User authentication on your windows IEEE 802.1x client so you only authenticate Computer. You also need User certificates to allow user authentication.
0 Kudos
GTM-P2G8KFN