10-04-2006 12:10 PM - edited 03-10-2019 02:46 PM
Hello all,
I am working on an 802.1x lab and proof of concept and have 2 problems. Solving either of them will have me good-to go. Just for reference I have:
1) enabled and tested workstation authentication
2)can succesfully authenticate users and workstations against AD
First: If I use the default Windows 2000 802.1x service and have the box "Always use my Windows username and password" box checked when using PEAP, I cannot for the life of me figure out how to authenticate when I have logged in as a local user account. Windows insists on putting the local computer name in front of the username when I log in to a local account, so I cannot simply enter the default company-wide local administrator into ACS's local database.
Second: If I use the Cisco CTA client, I always get prompted for my password by CTA after I login to Windows, when I thought it should use the credentials I logged in with. I do not care if I have to enter local credentials twice, but a normal user logging into an AD account should not have to. If as I suspect this is a certificate issue my corporation does have a very good PKI infrastructure I can work off of.
My preference is not to have to install any additional software for 802.1x so if I can figure out how to authenticate when logged in as the local administrator without having to change settings, that would be best, but if I need to I can us the CTA client.
Any help would be greatly appreciated,
Nathan Spitzer
Lockheed Martin TSS
10-09-2006 01:14 PM
Not sure if this is for wireless or not, but Windows generally does not allow for this by default, due to roaming issues. See here for more details:
<http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>
You could set this up with MD5 to ask it for you credentials every time though, if this is for a POC test.
CTA should be able to acieve SSO as well, but this is a non-default condition for a stand-alone install. You can setup a profile which enables SSO by default though, to achieve an SSO experience for other users. See here for more details:
<http://www.cisco.com/en/US/products/ps5923/products_maintenance_guide_book09186a008068ece8.html>
Hope this helps,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide