04-15-2022 11:38 PM
We have installed the Cisco AnyConnect NAM and posture modules, and endpoints are being authenticated with EAP-FAST using domain credentials single sign-on. But when a new domain user tries to log into these endpoints, the authentication will fail because there is no network connection to the domain server. The connection to the domain server will not be established because in order for the endpoint to get network access it needs to be authenticated. Endpoint authentication will only start after the user logs in with their credentials. So how can I make this work for any domain account to log in while still doing endpoint authentication?
04-16-2022 12:07 AM - edited 04-16-2022 12:30 AM
@mikeyasg not sure exactly what authentication methods you are using, but configure both machine and user authentication. Therefore the machine will have network connectivity when no user is logged on.
If the user has never logged on to the endpoint before, you might be best using EAP-FAST with MSCHAPv2 as the inner method instead of EAP-TLS, as the user will not have the certificate in time to authenticate and would fail.
Refer to this post for more information on AnyConnect NAM and EAP Chaining
https://integratingit.wordpress.com/2018/06/19/eap-chaining-on-cisco-ise/
04-17-2022 05:39 PM
Rob Ingram is correct. You need to allow the endpoint to connect to Active Directory before the domain user login.