Supplicant (computer) on:
[Wikipedia]
[Google]
[Amazon]
In 
A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying "user" or "client" overgeneralizes; in reality, the interaction takes place through a
ESG Open 802.1x Supplicant initiative
Understanding 802.1x authentication
on Microsoft
on Cisco
What is 802.1x Security Authentication for Wireless Networks?
on Netgear
Creating a secure 802.1x wireless infrastructure using Microsoft Windows
on Microsoft Technet
on SecureW2 IEEE 802
computer networking
A computer network is a collection of communicating computers and other devices, such as printers and smart phones. In order to communicate, the computers and devices must be connected by wired media like copper cables, optical fibers, or b ...
, a supplicant is an entity at one end of a point-to-point LAN
Lan or LAN may refer to:
Science and technology
* Local asymptotic normality, a fundamental property of regular models in statistics
* Longitude of the ascending node, one of the orbital elements used to specify the orbit of an object in space
* ...
segment that seeks to be authenticated by an authenticator
An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. I ...
attached to the other end of that link. The IEEE 802.1X standard uses the term "supplicant" to refer to either hardware or software. In practice, a supplicant is a software application
Application software is any computer program that is intended for end-user use not computer operator, operating, system administration, administering or computer programming, programming the computer. An application (app, application program, sof ...
installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure network
Network, networking and networked may refer to:
Science and technology
* Network theory, the study of graphs as a representation of relations between discrete objects
* Network science, an academic field that studies complex networks
Mathematics
...
. If the authentication succeeds, the authenticator typically allows the computer to connect to the network.
A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying "user" or "client" overgeneralizes; in reality, the interaction takes place through a personal computer
A personal computer, commonly referred to as PC or computer, is a computer designed for individual use. It is typically used for tasks such as Word processor, word processing, web browser, internet browsing, email, multimedia playback, and PC ...
, an Internet Protocol
The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
IP ...
(IP) phone, or similar network device. Each of these must run supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association.
Overview
Businesses, campuses, governments and all other social entities across-the-board in need of security may resort to the use of IEEE 802.1X authentication to regulate users access to their corresponding network infrastructure. And to enable this, client devices need to meet supplicant definition in order to gain access. In businesses, for example, it is very common that employees will receive their new computer with all the necessary settings appropriately set for IEEE 802.1X authentication, in particular when connecting wirelessly to the network.Access
For a supplicant-capable device to gain access to the secured resources on a network, some preconditions should be observed and a context that will make this feasible. The network to which the supplicant needs to interact with must have aRADIUS
In classical geometry, a radius (: radii or radiuses) of a circle or sphere is any of the line segments from its Centre (geometry), center to its perimeter, and in more modern usage, it is also their length. The radius of a regular polygon is th ...
Server (also known as an Authentication Server or an Authenticator
An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. I ...
), a Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a network protocol, network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the netw ...
(DHCP) server if automatic IP address
An Internet Protocol address (IP address) is a numerical label such as that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface i ...
assignment is needed, and in certain configurations, an Active Directory
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Direct ...
domain controller. The domain controller is particularly needed in Microsoft environments when using Microsoft's Internet Authentication Service
Internet Authentication Service (IAS) is a component of Windows Server operating systems that provides centralized user authentication, authorization and accounting.
Overview
While Routing and Remote Access Service (RRAS) security is sufficient ...
(IAS) or Network Policy Server
Network Policy and Access Services (NPAS) is a component of Windows Server 2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. The NPAS server role includes Network Policy Server (NPS), Health Registration Authori ...
(NPS) software to provide RADIUS services from the Authentication Server.
Supplicant list
Supplicants include but are not limited to: * Windows 2000/XP built in **Windows 2000
Windows 2000 is a major release of the Windows NT operating system developed by Microsoft, targeting the server and business markets. It is the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RT ...
Service Pack 4
** Windows XP
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct successor to Windows 2000 for high-end and business users a ...
Service Pack 2
* Mac OS X
macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...
built in (" Internet Connect" utility)
** OS 10.3 or higher
* AnyConnect Network Access Manager
* Odyssey
* SecureW2
* wpa_supplicant
wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku. In addition to being a WPA3 and WPA2 su ...
* Xsupplicant
Xsupplicant is a supplicant that allows a workstation to authenticate with a RADIUS server using 802.1X and the Extensible Authentication Protocol (EAP). It can be used for computers with wired or wireless LAN connections to complete a strong a ...
Mechanism
One aspect of reality a user needs to understand and, more likely comply with the network administrator is the use of user name and password, or aMAC address
A MAC address (short for medium access control address or media access control address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use i ...
as the minimum that will be required for account setup.
On a Windows machine, taking an example of Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012, made available for download via Microsoft ...
, one should make sure to enable one's client to act as a supplicant by going to the Network Properties of the Network Interface Card
A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter and physical network interface) is a computer hardware component that connects a computer to a computer network.
Early network interface ...
(NIC), and from the Authentication tab, "Enable IEEE 802.1X authentication" need to be checked. Similar steps need to be taken on other network devices that provide support for IEEE 802.1X authentication. This is the most important single step a user will need to make in order for one's network device to act as a supplicant.
Notes
Note that IAS was being used up toWindows Server 2003
Windows Server 2003, codenamed "Whistler Server", is the sixth major version of the Windows NT operating system produced by Microsoft and the first server version to be released under the Windows Server brand name. It is part of the Windows NT ...
; since then, it has been replaced by NPS on all subsequent Windows Server releases (2008
2008 was designated as:
*International Year of Languages
*International Year of Planet Earth
*International Year of the Potato
*International Year of Sanitation
The Great Recession, a worldwide recession which began in 2007, continued throu ...
, 2012
2012 was designated as:
*International Year of Cooperatives
*International Year of Sustainable Energy for All
Events January
*January 4 – The Cicada 3301 internet hunt begins.
* January 12 – Peaceful protests begin in the R ...
...). IAS and NPS are not the only RADIUS Servers, some other include: FreeRADIUS, Cisco Secure Access Control System (ACS) Server...
References
{{ReflistSee also
* SupplicantExternal links
ESG Open 802.1x Supplicant initiative
Understanding 802.1x authentication
on Microsoft
on Cisco
What is 802.1x Security Authentication for Wireless Networks?
on Netgear
Creating a secure 802.1x wireless infrastructure using Microsoft Windows
on Microsoft Technet
on SecureW2 IEEE 802