
EAP-TLS - user already logged in - expected behavior

iores
Level 1

Hi,

What is the expected behaviour when a user connects a laptop to a wired network and has already logged into Windows?

As I understood, EAP-TLS user authentication is performed during the log-in screen.

 


@iores If the user is already logged into Windows and connects to the network, authentication will start and the user will be authenticated (assuming the authentication credentials are valid).

ammahend
VIP

The expected behavior is that the user will have to be authenticated using the certificate on the device. If the port is configured for 802.1X, then by default nothing is allowed except the EAP exchange until the user/device is authenticated.

You can verify this by running a debug on the switch, like debug radius authentication

-hope this helps-

PradeepSingh
Level 1

In this scenario as well, authentication will happen. Even if the user is already logged in, authentication will start. As soon as the network link is up on the network port, the switch will send an EAP start message to the client supplicant. Subsequently, the client will send credentials and authentication will happen.

Arne Bier
VIP

How is the Windows Supplicant configured?  Computer, User or User/Computer authentication?

Computer auth: happens when machine boots, prior to login.  And also when a logged-in user logs out of their account.

User auth: happens when a user logs into the Locked screen.

 

iores
Level 1

Where does the supplicant get user credentials from? Are they cached somewhere in Windows?

There are no credentials with EAP-TLS. When Windows is in the User state, the supplicant will present the User certificate for authentication.
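
For the supplicant question asked in the thread (Computer, User or User/Computer authentication), the setting is the authMode element of the Windows wired 802.1X profile. The PowerShell below is an added example, not part of any post in this thread; the function name Get-WiredAuthSummary is hypothetical and the profile XML is constructed sample data.

```powershell
# On a real machine, export the wired profile first and read the file instead:
#   netsh lan export profile folder=C:\Temp
#   $xml = Get-Content -Raw 'C:\Temp\<exported profile>.xml'
# Constructed sample profile, trimmed to the elements that matter here.
$sampleProfile = @'
<?xml version="1.0"?>
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
  <MSM><security>
    <OneXEnforced>false</OneXEnforced>
    <OneXEnabled>true</OneXEnabled>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod>
            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
          </EapMethod>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</LANProfile>
'@

function Get-WiredAuthSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ProfileXml)

    $doc = [xml]$ProfileXml
    # local-name() sidesteps the several XML namespaces used inside the profile.
    $read = {
        param($xpath)
        $node = $doc.SelectSingleNode($xpath)
        if ($node) { $node.InnerText.Trim() }
    }
    $oneX     = & $read "//*[local-name()='OneXEnabled']"
    $authMode = & $read "//*[local-name()='authMode']"
    $eapType  = & $read "//*[local-name()='EapMethod']/*[local-name()='Type']"

    # What the supplicant presents when a user is already logged on.
    $credential = switch ("$authMode") {
        'machineOrUser' { 'user certificate (computer certificate while no user is logged on)' }
        'machine'       { 'computer certificate, regardless of who is logged on' }
        'user'          { 'user certificate (no authentication while no user is logged on)' }
        'guest'         { 'no credentials (guest)' }
        default         { 'unknown: authMode not present in this profile' }
    }
    [pscustomobject]@{
        OneXEnabled = $oneX; AuthMode = $authMode; EapType = $eapType
        IsEapTls = ($eapType -eq '13'); WithUserLoggedOn = $credential
    }
}

Get-WiredAuthSummary -ProfileXml $sampleProfile | Format-List
```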