Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Login scripts not running with AnyConnect NAM and ISE 1.2

I am using AnyConnect 3.1 NAM as my 802.1x supplicant for ISE 1.2.  When users log in with EAP Chaining (User and Machine Auth), the login script seems hit or miss on if it runs to map their drives.  If I uninstall the NAM client, they map drives every time.  I would think that running a login script to map drives is a common scenario and I was wondering if anyone else using AnyConnect NAM was having similar issues or how they were dealing with it.

Everyone's tags (1)
6 REPLIES
New Member

I'm having the same issue,

I'm having the same issue, but only when wired.  I'm only using AnyConnect NAM for laptops at this time and when it's wireless, the login script runs fine.  When wired, no login script even attempts to run.  I don't know what the problem is.

New Member

I am having the same issue.

I am having the same issue. The script does not run at all. I will be putting in a TAC case.

I have the same issue with

I have the same issue with Cisco AnyConnect Network Access Manager 3.1.05182 and ISE 1.2.1.198,

How do you solve this issue?

 

Thanks,

Pablo

New Member

I think I changed Client

I think I changed Client Policy for wired, Connection Settings, to Before user logon and 5 seconds.

New Member

I have the same issue and I

I have the same issue and I solve the issue with change these parameters.

1.- You must change on configuration profile "before user logon". I have 5 seconds

2.- You must change on configuration profile  "port authentication Exception policy" and you must enable checkbox "enable port exceptions" and select "allow data traffic before authentication"

3.- You must enable in the option of interface Ethernet Intel on PC "Wait for link" this option It's in "configured advanced of Intel. You must select "on" in this option.

4.- (this recommendation it was by Cisco) 

Active Direct GPO has a setting "Computer Configuration\Administrative
Templates\System\Logon\ Always wait for the network at computer startup and logon" that
can be enabled to make the logon scripts wait till 802.1x authentication is completed.

 

With those changes the logon script run fine.

 

Regards

David.

New Member

all thats configured and it

all thats configured and it still doesnt work.

848
Views
5
Helpful
6
Replies