12-30-2008 01:47 AM - edited 03-10-2019 04:15 PM
I have successfully configured 802.1x authentication on wired and wireless Lan. We have Cisco Switches, ACS SE and Windows AD.
But i have one issue regarding the Single Sign on while authentication using the 802.1x with Windows Active directory the users that are login first time not able to logon but the users that have their profiles already existed in their PC then there is no issue and they successfully authenticated and login easily.
Is there any way of login successfully for the users first time using 802.1x authentication with Windows AD like a Single Sign On?
01-01-2009 10:45 PM
We ran into the same situation from time to time. We implemented 802.1x authentication using the Cisco Secure Services Client (SSC) on the windows hosts.
At the beginning we were completly unable to logon on the maschines where no locally stored windows profile exists. After change to timeout to authenticate at the network in the SSC options we are able to logon to the network and also be authenticated by the domain controller.
Sadly this works out often as a timing issue. Most times the user needs to try a couple of times. At the moment, I'm also very interessted in a good way to avoid this (as it seems to be) racecondition.
Hope that someone else has any clue?
01-05-2009 07:03 AM
If you are using machine-authentication, this should solve this. This should help:
01-05-2009 07:22 AM
Yes, right. But it means to prepare and take care for additional credentials and internal deployment processes. At the moment the user authentication is a very good solution to carry out wether this notebook (user) is allowed to connect or not.
01-05-2009 07:28 AM
If you're running machine-auth, kerberos actually launches for a user account before/asynchronous 802.1X does (and remember the network connection has already been enabled by machine-auth). Hence, a new user can login to the machine just like they could before 802.1X was deployed.
Hope this helps,
01-06-2009 12:06 AM
Thanks for the information, very helpfull. We will consider adding maschine authentication.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: