authorization policy with windows

adamgibs7 · ‎05-04-2018

Dears,

I am doing eap chaining and it is working perfect with machine auth and user auth by the windows AD.

I have 2 problems as per below

whenever I do remote desktop to user pc I have to add username and password twice , once on the windows remote small window with ip address and password and then when it accepts then the actual screen of the remote PC which we see when we are in front of the PC.
whenever i login remotely by a localadmin on the PC my authentication and authorization fails on the ISE and by login in local admin of the PC i loose access becz ise fails the authentication and authorization policy becz this username is not in the AD. how i can make such policy to overcome the issue.

Thanks

Ben Walters · ‎05-04-2018

1. This could be an issue related to your group policy but here is a thread from TechNet that might be helpful https://social.technet.microsoft.com/Forums/windows/en-US/a6cc8c31-dd0d-4a51-a9e0-a26f9a7e7024/remote-desktop-double-login?forum=w7itprogeneral

2. If you are using AD for authentication in ISE it will fail since the local admin is not a user in AD. You could switch to an AD admin account for remote access or configure local authentication in ISE and create a user in ISE that matches the local user you use for remote connections. Of course then you would have to make sure you use the same account on all computers.

adamgibs7 · ‎05-04-2018

Dear

thanks for the reply

If the switch port is configured in the ISE it will not ask for twice login ?? for example if I removed the dot 1 x port settings from the switch port we should come to know the issue is from the ISE or from the group policy.

Can u suggest the authorization condition that has to met to access the PC remotely by local ise user account that will be authenticated.