Using Microsoft PEAP 802.1x client on Windows XP SP2, if we enable machine authentication against a Windows Domain, the machine authentication is successful and the machine gets access to the network. However, when user logon occurs to the domain, contrary to the flow given in ACS and Windows documentation, no user authentication takes place.
We need to differentiate user access based on their identities. We need machine authentication only to allow users access to the domain controller and also GP implementation.
Any idea why the user does not get prompted when they log on? 802.1x is configured in the user's profile, and I have tried both integrated and non-integrated with domain logon (i.e. the "use my windows logon name and password and domain (if any)" option).
There is no record of any identity request/response in ACS after the initial machine authentication (which appears in the successful authentication log).
We are using MS-CHAPv2.