Cisco Support Community

New Member

how to let ACS interoperate with AD's 'log on to'

When authenticating a user via ACS 5.3.0(40) to his entry in AD, it fails when the user is attributed in AD with 'log on to' <specific computer(s)>. User authentication (as long as the user is set in AD to the default 'log on to' <all computers>) succeeds, and machine authentication succeeds as well. Obviously, ACS does not pass user-id + machine-id to AD upon user logon. Is there any solution for this?

2 REPLIES
Cisco Employee

how to let ACS interoperate with AD's 'log on to'

I guess I have seen this before. Are you doing PEAP/EAP-TLS wireless "user authentication"?

~BR
Jatin Katyal

**Do rate helpful posts**

New Member

how to let ACS interoperate with AD's 'log on to'

Windows stations configuration (dot1x applies to the wired environment here) :

    1. Admin tools > Services > Wired Autoconfig : set it to auto start, start it and close
    2. Network Places > Properties > LAN Adapter > Authentication tab (added now …) > select EAP-PEAP > in settings : disable : server certificate and save

ACS is configured to allow protocols :

MS-CHAPv1 and v2, EAP-MD5, EAP-TLS, PEAP (which is also the preferred EAP protocol).
