ACS5.4 Machine & User Authentication occasionally problem

Hi,

I have an 802.1x implementation for about 100 users now.

Clients must meet the following criteria: 1) PC joined to domain (machine auth.), 2) valid AD account (user auth.)

Occasionally some clients are unable to join the network, even if the authentication process starts from zero (with pc shut-down).

As a workaround we shut down the pc and then client passes the authentication without problem.

We use ACS5.4 and 2960 switches. The problem appears on both Win7-XP machines.

From the logs I see that the machine doesn't send its Domain Machine name (host-xxx), so it falls back to the next method.

Any thoughts? 

Thanks,

Christos.

1 REPLY

If a computer fails machine authentication and the user has not successfully logged in to the domain by using the computer since the most recent user password change, the cached credentials on the computer will not match the new password. Instead, the cached credentials will match an older password of the user, provided that the user once successfully logged in to the domain from this computer.

Note

Microsoft PEAP clients may also initiate machine authentication whenever a user logs off. This feature prepares the network connection for the next user login. Microsoft PEAP clients may also initiate machine authentication when a user shuts down or restarts the computer rather than just logging off.
