I have a query regarding ACS 5.1 using EAP-PEAP (machine auth plus user name and password). I have successfully setup AD authentication using Machine auth and user credentials and this works ok for corporate wireless devices and users.
My ACS rules are machine auth against AD computers which gives a positive/pass, then a rule against user but ensuring the device is a valid domain device with "was machine authenticated = TRUE".
The problem is when using a Windows 7 device (laptop) and logging in using the local admin account I successfully connect to the network but the local Admin account is not in AD. By default the W7 wireless adapter under security>advanced settings> specify authentication mode is computer authentication only.
The W7 client doesn't send over any user credentials?
Has anyone come across this problem before? Do I need to tweek the W7 clients via GP or is there a way of stopping just machine authentication with out a valid user name and password?
Realy appreciate any responses and thank you in advance.
