802.1x question with ACS

cisconoobie · ‎03-21-2011

I have ACS 4.2 configured to authenticate Windows clients using PEAP. ACS is setup to check Active Directory to make sure the user and machine are valid.

This process works fine but I want to be able to login as local admin (not part of active directory) but ACS does not have this user account and "authentication fails". I can create the user account as a local user but I have to create the account with machine account name, which means if I have 100 machines, then I have to create 100 machine account local admins.

Is there an easier way to do this? How can I easily authenticate or bypass the local admin account?

Tiago Antunes · ‎03-24-2011

Hi,

I am not sure if this is a dot1x question...

It looks you are having some dificulty with the user account creation...

The Administrator account credentials need to be created in a database, either the ACS internal or the AD, or even another one.

Where have you created the Administrator cedentials account?

Why do you say you have to create the account with machine account name?

When you boot your PC, what is exactly happening? Are you able to enter the administrator account credentials on the login prompt for the dot1x authentication?

Thanks,

Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

cisconoobie · ‎03-27-2011

The administrator account comes from AD. The domain "administrator" logs in and 802.1x authenticates the username which came from DOMAIN_X

Now I try to login on the local machine account, not using domain and I can't authenticate. Now the credentials passed are MACHINENAME\administrator instead of DOMAINX\administrator

ACS is configured to check DOMAINX for valid user accounts.

I can manually enter user account for MACHINENAME\administartor but we have 1000+ machines and this is not an option.

Please assist and thanks for the reply!