Re: 802.1x wired authentication to AD

ciscors · ‎07-25-2006

Wired authentication:

This is what I want to accomplish:

Switch - ACS 4.0 -> Active Directory

Assume a new user is logging into the network for the first time and he starts his computer which has been configured for 802.1x PEAP. I have checked off the option 'Automatically use my Windows logon name and password' in LAN properties

Now, after the computer starts, the user is presented with the regular Windows dialog logon box to which he hits Ctrl+Alt+Del and enters his Windows AD credentials. I want those credentials to be sent to the switch as part of the 802.1x logon. After the port is authorized, those same credentials should be passed onto Active Directory to become authenticated to the Windows network.

Possible? I'm assuming this is the way it should & can work

s.jankowski · ‎07-31-2006

This depends on the order of services being loaded by the Operating systems at the startup.If the option "Automatically use my Windows logon name and password" in LAN that should be fine for 802.1X authentication.So this should work for both LAN and AD in windows.

etamminga · ‎08-16-2006

Hi, you need machine authentication as well. Otherwise Windows will not be able to verify the user's identity and cannot log the user in. Windows authentication of the user takes place before the switchport authenticates for the user. Machine authentication allows the computer to authenticate and get access to the network before the user logs in. Thus the user authentication CAN take place because the DC's are only available after machine authentication succeeded.