Auth through EAP-TLS for non-domain printer












1















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.






certificate tls radius







share|improve this question

























  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11
















1















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.






certificate tls radius







share|improve this question

























  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11














1












1








1








I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.






certificate tls radius







share|improve this question
















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.






certificate tls radius




certificate tls radius






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 28 '18 at 16:29









Mureinik

2,54561625




2,54561625










asked Dec 28 '18 at 16:20









AuthAuth

61




61













  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11



















  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11

















Do your NPAS logs show what user account specifically the printer is trying to use?

– grawity
Dec 28 '18 at 16:32





Do your NPAS logs show what user account specifically the printer is trying to use?

– grawity
Dec 28 '18 at 16:32













@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

– Auth
Dec 28 '18 at 20:11





@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

– Auth
Dec 28 '18 at 20:11










0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Сан-Квентин

Image
Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
Read more

Алькесар

Image
Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
Read more

Josef Freinademetz

Image
San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
Read more