ge-aerospace/inno-installers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
803853b125c0c3a5af071112ae4bafee1953f0fa
inno-installers/MachineAuth/README.md
cproudlock 803853b125 Add MachineAuth 802.1x network configuration installer 
New Inno Setup project that configures shop floor PCs for Machine VLAN
connectivity via 802.1x/ISE authentication.

Features:
- Native Pascal implementation (no external batch files required)
- Silent installation support for deployment automation
- Windows 7/8/10/11 auto-detection
- Automatic network interface detection (wired/wireless)
- Detailed logging and results display

Configures:
- Wired: 802.1x PEAP/MS-CHAPv2 via Corporate Holdings RADIUS
- Wireless: AESFMA SSID with EAP-TLS via Aerospace FreeRADIUS

Usage:
  MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 16:33:39 -05:00

4.9 KiB
Raw Blame History

Machine Authentication 3.0

Configures shop floor PCs for 802.1x/ISE Machine VLAN connectivity with support for both wired and wireless networks.

Overview

This installer automates the configuration of 802.1x network authentication for GE Aerospace shop floor machines, enabling secure access to the Machine VLAN without requiring user credentials.

What It Configures

Network Type Authentication Server
Wired 802.1x PEAP/MS-CHAPv2 Corporate Holdings RADIUS
Wireless 802.1x EAP-TLS (certificate) Aerospace FreeRADIUS

Features

  • Native Inno Setup Implementation - All logic in Pascal script, no external batch files
  • Silent Installation Support - Full automation for deployment tools
  • Windows 7/10/11 Support - Auto-detects OS and uses appropriate interface names
  • Automatic Network Detection - Identifies active interface (wired or wireless)
  • Detailed Logging - Comprehensive log output for troubleshooting

Usage

Interactive Installation

  1. Run MachineAuthSetup.exe as Administrator
  2. Review the configuration summary
  3. Click Install
  4. View results and verify connectivity

Silent Installation

MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES

With logging:

MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES /LOG="C:\ma3_install.log"

Configuration Details

Wired Network (8021x.xml)

  • EAP Type: 25 (PEAP)
  • Inner Method: MS-CHAPv2 (Type 26)
  • Auth Mode: Machine
  • Credentials: Windows logon credentials
  • Service: dot3svc (Wired AutoConfig)

Wireless Network (AESFMA.xml)

  • SSID: AESFMA
  • Security: WPA2-Enterprise, AES
  • EAP Type: 13 (EAP-TLS)
  • Auth Mode: Machine (certificate-based)
  • Service: Wlansvc (WLAN AutoConfig)

Interface Names

Windows Version Wired Interface Wireless Interface
Windows 7/8 Local Area Connection Wireless Network Connection
Windows 10/11 Ethernet Wi-Fi

Installation Steps

  1. Stop NetworkAdapterManager service (if present)
  2. Enable and start Wired AutoConfig (dot3svc)
  3. Import 802.1x profile to wired interface
  4. Enable and start WLAN AutoConfig (Wlansvc)
  5. Import AESFMA profile to wireless interface
  6. Reconnect active network interface
  7. Start NetworkAdapterManager service
  8. Wait 10 seconds for network stabilization

Requirements

  • Windows 7, 8, 10, or 11
  • Administrator privileges
  • SSL certificate for FreeRADIUS (pre-installed on managed machines)
  • Standard network interface naming conventions

Files

MachineAuth/
├── MachineAuth.iss      # Inno Setup script
├── 8021x.xml            # Wired 802.1x profile
├── AESFMA.xml           # Wireless AESFMA profile
├── gea-logo.ico         # Setup icon
├── banner.bmp           # Wizard banner
├── banner-sm.bmp        # Wizard small image
└── README.md            # This file

Legacy Files (Not Required)

These files are from the original batch-based installer and are not used by the Inno Setup version:

  • MA3NetworkConfigv4.bat - Original batch script
  • ge_runasuser.exe - Run-as-user utility
  • RebootDelay.exe - Reboot delay utility
  • $PLUGINSDIR/ - NSIS plugin remnants

Troubleshooting

"Requires administrator privileges"

Right-click the installer and select "Run as administrator"

Network doesn't reconnect after configuration

  1. Manually disconnect and reconnect the network adapter
  2. Check Windows Services that dot3svc and/or Wlansvc are running
  3. Verify the machine has the required certificates

AESFMA wireless doesn't connect

  • Verify the FreeRADIUS SSL certificate is installed
  • Check that the machine is in the correct AD group
  • Ensure the wireless adapter supports WPA2-Enterprise

Wired 802.1x authentication fails

  • Verify the machine account is in the correct AD group
  • Check that the switch port is configured for 802.1x
  • Review the RADIUS server logs for authentication errors

Check installed profiles

Wired profiles:

netsh lan show profiles

Wireless profiles:

netsh wlan show profiles

Remove and reinstall profiles

Remove wired profile:

netsh lan delete profile interface="Ethernet"

Remove wireless profile:

netsh wlan delete profile name="AESFMA"

Then run the installer again.

Building

  1. Install Inno Setup 6.x
  2. Open MachineAuth.iss
  3. Compile (F9)
  4. Output: Output/MachineAuthSetup.exe

Technical Notes

  • No reboot required
  • Brief network interruption during configuration (~10-15 seconds)
  • Safe to run multiple times
  • Does not remove existing profiles (adds/updates)

Author

WJDT / GE Aerospace

Reference in New Issue View Git Blame Copy Permalink