
802.1x -> Windows credentials

Nathan Spitzer
Level 1

Hello all,

I am working on an 802.1x lab and proof of concept and have 2 problems. Solving either of them will have me good to go. Just for reference I have:

1) enabled and tested workstation authentication

2) can successfully authenticate users and workstations against AD

First: If I use the default Windows 2000 802.1x service and have the "Always use my Windows username and password" box checked when using PEAP, I cannot for the life of me figure out how to authenticate when I have logged in as a local user account. Windows insists on putting the local computer name in front of the username when I log in to a local account, so I cannot simply enter the default company-wide local administrator into ACS's local database.

Second: If I use the Cisco CTA client, I always get prompted for my password by CTA after I log in to Windows, when I thought it should use the credentials I logged in with. I do not care if I have to enter local credentials twice, but a normal user logging into an AD account should not have to. If, as I suspect, this is a certificate issue, my corporation does have a very good PKI infrastructure I can work off of.

My preference is not to have to install any additional software for 802.1x, so if I can figure out how to authenticate when logged in as the local administrator without having to change settings, that would be best, but if I need to I can use the CTA client.

Any help would be greatly appreciated,

Nathan Spitzer

Lockheed Martin TSS

1 Reply

jafrazie
Cisco Employee

Not sure if this is for wireless or not, but Windows generally does not allow for this by default, due to roaming issues. See here for more details:

<http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>

You could set this up with MD5 to ask it for your credentials every time though, if this is for a POC test.

CTA should be able to achieve SSO as well, but this is a non-default condition for a stand-alone install. You can set up a profile which enables SSO by default though, to achieve an SSO experience for other users. See here for more details:

<http://www.cisco.com/en/US/products/ps5923/products_maintenance_guide_book09186a008068ece8.html>

Hope this helps,
