Does anyone think this is feasible as a solution...
1) Machines all use the NetWare client and authenticate to eDirectory initially, then to AD.
2) I want to use ACS, not FreeRADIUS.
3) I don't want to use a third-party supplicant.
Does anyone think it might be possible to authenticate a machine using a certificate into AD before the user logs in using the NetWare client? My thinking being this... the user (or machine in this case) will have already been identified as trusted (through AD), and will be connected to the network when the user submits their NetWare credentials. This would mean that NetWare could be left out of the 802.1x process completely and yet the user would still get a single sign-on experience.