We have Microsoft AD with only computer accounts. XP clients are logging in with a local Windows account. We would like to replace MAC authentication with PEAP, but we don't want the login window on the wireless connection after the user is logged in.
Can we somehow configure our ACS 4.1 and our WLC 4402 so that having a computer account in AD is enough to be authenticated to a certain SSID?
Some background: We are a Novell customer and currently our MAC authentication is done via RADIUS and Novell eDir (general LDAP).
You can configure machine authentication in XP. I am assuming you know how to configure 802.1x using PEAP in XP. For machine authentications to be sent from the XP machine, do check "Authenticate as Computer when computer information is available".
By default, if machine authentication is successful, then user authentication does not take place.
In ACS, you can configure the unknown user policy to forward unknown user requests to your Microsoft AD domain. (The ACS server must be a member of the AD domain to which the machine belongs, or of a trusted domain.)