Auth through EAP-TLS for non-domain printer












1















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.










share|improve this question

























  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11
















1















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.










share|improve this question

























  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11














1












1








1








I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.










share|improve this question
















I cannot find a proper tutorial on how to solve my problem. Our company uses for authentication EAP-TLS for wireless. Now I plan to implement 802.1X for ethernet wired connections for enhanced security.



Our printer connected via ethernet is having some troubles while authenticating towards NPAS on Windows Server 2016. I have successfully imported private certificate issued by our CA to the printer.



In event viewer on the server I can see the following event: Audit Failure, Reason: The specified user account does not exist.



I have read that the device needs to be part of the domain to authenticate.



Now on the Internet, you can find people mentioning some methods (Radius proxy, dummy user, etc.) but nobody explains it in sufficient details. Providing some basic steps would be useful.







certificate tls radius






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 28 '18 at 16:29









Mureinik

2,54561625




2,54561625










asked Dec 28 '18 at 16:20









AuthAuth

61




61













  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11



















  • Do your NPAS logs show what user account specifically the printer is trying to use?

    – grawity
    Dec 28 '18 at 16:32











  • @grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

    – Auth
    Dec 28 '18 at 20:11

















Do your NPAS logs show what user account specifically the printer is trying to use?

– grawity
Dec 28 '18 at 16:32





Do your NPAS logs show what user account specifically the printer is trying to use?

– grawity
Dec 28 '18 at 16:32













@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

– Auth
Dec 28 '18 at 20:11





@grawity The printer is authenticating with name of the printer in format companynameoftheprinter. Would creating fake user with name of the printer sufficient? I am not sure, thank you for your reply. The thing is, how printer decides to which name use? As with windows computer, our printer has some random identiefier name, and that identiefier which is shorter than the full name of the printer is used as auth name. Do not forget my authentication method is via certificates. Thank you.

– Auth
Dec 28 '18 at 20:11










0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388491%2fauth-through-eap-tls-for-non-domain-printer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Сан-Квентин

8-я гвардейская общевойсковая армия

Алькесар