Add MachineAuth 802.1x network configuration installer

New Inno Setup project that configures shop floor PCs for Machine VLAN connectivity via 802.1x/ISE authentication. Features: - Native Pascal implementation (no external batch files required) - Silent installation support for deployment automation - Windows 7/8/10/11 auto-detection - Automatic network interface detection (wired/wireless) - Detailed logging and results display Configures: - Wired: 802.1x PEAP/MS-CHAPv2 via Corporate Holdings RADIUS - Wireless: AESFMA SSID with EAP-TLS via Aerospace FreeRADIUS Usage: MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 16:33:39 -05:00
parent 5c07ffe288
commit 803853b125
12 changed files with 879 additions and 1 deletions
--- a/MachineAuth/README.md
+++ b/MachineAuth/README.md
@@ -0,0 +1,171 @@
+# Machine Authentication 3.0
+
+Configures shop floor PCs for 802.1x/ISE Machine VLAN connectivity with support for both wired and wireless networks.
+
+## Overview
+
+This installer automates the configuration of 802.1x network authentication for GE Aerospace shop floor machines, enabling secure access to the Machine VLAN without requiring user credentials.
+
+## What It Configures
+
+| Network Type | Authentication | Server |
+|--------------|----------------|--------|
+| Wired | 802.1x PEAP/MS-CHAPv2 | Corporate Holdings RADIUS |
+| Wireless | 802.1x EAP-TLS (certificate) | Aerospace FreeRADIUS |
+
+## Features
+
+- **Native Inno Setup Implementation** - All logic in Pascal script, no external batch files
+- **Silent Installation Support** - Full automation for deployment tools
+- **Windows 7/10/11 Support** - Auto-detects OS and uses appropriate interface names
+- **Automatic Network Detection** - Identifies active interface (wired or wireless)
+- **Detailed Logging** - Comprehensive log output for troubleshooting
+
+## Usage
+
+### Interactive Installation
+
+1. Run `MachineAuthSetup.exe` as Administrator
+2. Review the configuration summary
+3. Click Install
+4. View results and verify connectivity
+
+### Silent Installation
+
+```batch
+MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES
+```
+
+With logging:
+```batch
+MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES /LOG="C:\ma3_install.log"
+```
+
+## Configuration Details
+
+### Wired Network (8021x.xml)
+
+- **EAP Type:** 25 (PEAP)
+- **Inner Method:** MS-CHAPv2 (Type 26)
+- **Auth Mode:** Machine
+- **Credentials:** Windows logon credentials
+- **Service:** dot3svc (Wired AutoConfig)
+
+### Wireless Network (AESFMA.xml)
+
+- **SSID:** AESFMA
+- **Security:** WPA2-Enterprise, AES
+- **EAP Type:** 13 (EAP-TLS)
+- **Auth Mode:** Machine (certificate-based)
+- **Service:** Wlansvc (WLAN AutoConfig)
+
+## Interface Names
+
+| Windows Version | Wired Interface | Wireless Interface |
+|-----------------|-----------------|-------------------|
+| Windows 7/8 | Local Area Connection | Wireless Network Connection |
+| Windows 10/11 | Ethernet | Wi-Fi |
+
+## Installation Steps
+
+1. Stop NetworkAdapterManager service (if present)
+2. Enable and start Wired AutoConfig (dot3svc)
+3. Import 802.1x profile to wired interface
+4. Enable and start WLAN AutoConfig (Wlansvc)
+5. Import AESFMA profile to wireless interface
+6. Reconnect active network interface
+7. Start NetworkAdapterManager service
+8. Wait 10 seconds for network stabilization
+
+## Requirements
+
+- Windows 7, 8, 10, or 11
+- Administrator privileges
+- SSL certificate for FreeRADIUS (pre-installed on managed machines)
+- Standard network interface naming conventions
+
+## Files
+
+```
+MachineAuth/
+├── MachineAuth.iss      # Inno Setup script
+├── 8021x.xml            # Wired 802.1x profile
+├── AESFMA.xml           # Wireless AESFMA profile
+├── gea-logo.ico         # Setup icon
+├── banner.bmp           # Wizard banner
+├── banner-sm.bmp        # Wizard small image
+└── README.md            # This file
+```
+
+## Legacy Files (Not Required)
+
+These files are from the original batch-based installer and are not used by the Inno Setup version:
+
+- `MA3NetworkConfigv4.bat` - Original batch script
+- `ge_runasuser.exe` - Run-as-user utility
+- `RebootDelay.exe` - Reboot delay utility
+- `$PLUGINSDIR/` - NSIS plugin remnants
+
+## Troubleshooting
+
+### "Requires administrator privileges"
+Right-click the installer and select "Run as administrator"
+
+### Network doesn't reconnect after configuration
+1. Manually disconnect and reconnect the network adapter
+2. Check Windows Services that dot3svc and/or Wlansvc are running
+3. Verify the machine has the required certificates
+
+### AESFMA wireless doesn't connect
+- Verify the FreeRADIUS SSL certificate is installed
+- Check that the machine is in the correct AD group
+- Ensure the wireless adapter supports WPA2-Enterprise
+
+### Wired 802.1x authentication fails
+- Verify the machine account is in the correct AD group
+- Check that the switch port is configured for 802.1x
+- Review the RADIUS server logs for authentication errors
+
+### Check installed profiles
+
+Wired profiles:
+```batch
+netsh lan show profiles
+```
+
+Wireless profiles:
+```batch
+netsh wlan show profiles
+```
+
+### Remove and reinstall profiles
+
+Remove wired profile:
+```batch
+netsh lan delete profile interface="Ethernet"
+```
+
+Remove wireless profile:
+```batch
+netsh wlan delete profile name="AESFMA"
+```
+
+Then run the installer again.
+
+## Building
+
+1. Install [Inno Setup 6.x](https://jrsoftware.org/isdl.php)
+2. Open `MachineAuth.iss`
+3. Compile (F9)
+4. Output: `Output/MachineAuthSetup.exe`
+
+## Technical Notes
+
+- No reboot required
+- Brief network interruption during configuration (~10-15 seconds)
+- Safe to run multiple times
+- Does not remove existing profiles (adds/updates)
+
+## Author
+
+WJDT / GE Aerospace