Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


802.1x -> Windows credentials

Hello all,

I am working on an 802.1x lab and proof of concept and have 2 problems. Solving either of them will have me good-to go. Just for reference I have:

1) enabled and tested workstation authentication

2)can succesfully authenticate users and workstations against AD

First: If I use the default Windows 2000 802.1x service and have the box "Always use my Windows username and password" box checked when using PEAP, I cannot for the life of me figure out how to authenticate when I have logged in as a local user account. Windows insists on putting the local computer name in front of the username when I log in to a local account, so I cannot simply enter the default company-wide local administrator into ACS's local database.

Second: If I use the Cisco CTA client, I always get prompted for my password by CTA after I login to Windows, when I thought it should use the credentials I logged in with. I do not care if I have to enter local credentials twice, but a normal user logging into an AD account should not have to. If as I suspect this is a certificate issue my corporation does have a very good PKI infrastructure I can work off of.

My preference is not to have to install any additional software for 802.1x so if I can figure out how to authenticate when logged in as the local administrator without having to change settings, that would be best, but if I need to I can us the CTA client.

Any help would be greatly appreciated,

Nathan Spitzer

Lockheed Martin TSS

Cisco Employee

Not sure if this is for wireless or not, but Windows generally does not allow for this by default, due to roaming issues. See here for more details:


You could set this up with MD5 to ask it for you credentials every time though, if this is for a POC test.

CTA should be able to acieve SSO as well, but this is a non-default condition for a stand-alone install. You can setup a profile which enables SSO by default though, to achieve an SSO experience for other users. See here for more details:


Hope this helps,

Content for Community-Ad