Solved: Thanks hslai,

Steve11 · ‎08-08-2014

Hi Guys,

Whilst I’m well aware of the limitations of the built in the windows Wireless 802.1x supplicant. Is there a way, using the NAM client to authenticate both a computer and a user simultaneously, when used for authentication to wireless networks?

As has been posted many times before on this forum, this isn’t possible due to windows not authenticating with the 'computer account' whilst the user is logged in, but with the NAM client it seems possible to do both user and computer authentication based on the options it gives you with EAP-Fast and 'EAP Chaining'.

Can anyone validate this is possible? I have the design guide for exactly this for Cisco ISE but i need it to work on ACS (5.x).

Thanks in advance.

SteveH

hslai · ‎01-14-2016

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

View solution in original post

hslai · ‎01-14-2016

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

Steve11 · ‎01-14-2016

Thanks hslai,

You are correct, ISE only unfortunately.

SteveH

EAP Chaining with Cisco ACS 5.x and the Cisco Anyconnect NAM Client