03-11-2010 06:07 AM - edited 03-10-2019 05:00 PM
Hello,
I'm working to implement 802.1x on my LAN, using ACS 4.2 as my authentication server. I've gotten my ACS server to successfully authorize users / PCs to AD without issue. The problem I'm having is if a user uses a local-logon to the PC. Say a laptop that's not on the domain for some reason. I see the user authenticate as <hostname>\<local user>, like testmachine\Administrator. When dealing with 500+ PCs, I don't want to have to enter PC1\Admin, PC2\Admin etc etc into ACS as local usernames.I've tried just putting "Adminsitrator" along with the local admin PW into ACS, but it doesn't work, it wants the hostname\Administrator.
How have other people overcome this issue?
There are times when you don't want to or can't log into the domain but still need network access and unplugging / repatching a machine in someone's cube is not always feasible or convenient.
Is there a way I can change the username used to authenticate? If I login with a local account on a PC, windows asks for additional informaiton to authenticate to the network...
A window pops up with the username i'm logged in with, which is grayed out, password (editable), and a grayed out PC name. Can I change the username it tries to authenticate with easily? I.E. I'm logged into the PC as Administrator, but I want to authenticate as my user.
Thanks for any clarification you can provide.
03-12-2010 07:51 AM
Hello,
ACS will authenticate the user it receives so I don't know of a way to work around this on the
ACS that will be scalable. What supplicant are you using, you may be able to configure the supplicant
to only send the username instead of sending hostname\username when the PC is not joined to
the domain. Most supplicants allow you to configure the format the username that is sent to
the ACS for authentication.
--Jesse
03-12-2010 07:57 AM
Hi Jesse,
Thanks for the information. I think I figured out how to do this. I'm using the windows built-in supplicant. If you dig down a few menus there's a check box that says "Automatically use my Windows logon name, password and Domain if any" I just unchecked that box and I'm able to change the username / PW that's used to authenticate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide