ACS 4.1 machine authentication problem

bert.lefevre
Level 1

Hi,

I'm using the Cisco NAC framework in order to authenticate both users and machines before granting network access. I'm using Windows AD to authenticate users and machines.

Under "External User Databases" -> Windows Authentication Configuration, you can configure some machine authentication settings.

I have to enable "Enable Machine Access Restriction" in combination with the group map "no access". Otherwise, even though machine authentication has failed, an authorized user can still log in with an unauthorized machine (it will only appear in the failed attempts log but it will not be restricted).

This works, but the problem is the "aging time". The ACS caches the machines for a certain amount of time (12 hours by default). Now if a user logs off and he waits 12 hours to log back on, authentication will fail (because machine authentication is already performed just after being logged off).

Is it possible to force machine authentication (together with the user authentication) at Windows log on?

Kind regards

1 Reply

jsivulka
Level 5

ACS 4.1 machine authentication can work on Windows. This issue occurs in an environment where there is more than one global catalog server for the domain. Restart the CSAuth.exe service, and then try to authenticate again (with machine credentials).
