we want to deploy dot1x in our LAN
i want to know if it is possible to let dot1x client uses automaticallly windows username/password and send them to the switch without prompting the user to enter them manually?
if yes, how ? any good document ?
note: ACS will be integrated with windows domain. all users are joigned to the domain.
If using Windows built-in Supplicant, you could try:
To enable single sign-on, check the option for Automatically use my Windows logon name and password (and domain if any). Click OK to accept this setting, and then click OK again to return to the network properties window.
ACS should be installed on a Member Server of the Domain in order to query AD:
This doc is for a wireless client and using ACS 3.X, but it is all the same concept:
The Unknown User Policy enables ACS to use a variety of external databases to attempt authentication of unknown users. This feature provides the foundation for a basic single sign-on capability through ACS. Because external user databases handle the incoming authentication requests, you do not have to maintain the credentials of users within ACS, such as passwords. This eliminates the necessity of entering every user multiple times and prevents data-entry errors inherent to manual procedures.