09-03-2019 12:10 PM
I know this has been covered in other posts, but those posts are several years old. I want to see if anything has changed in recent years. I know NAM still doesn't support fast user switching and I don't believe the Windows supplicant does either. The first user that logged in will remain the Dot1x credentials no matter how many others log in.
I have tested with AC 4.7 NAM and see this to be true. If the first user logs out, NAM will fall back to computer auth. When one of the other logged in users provide their credentials during a fast user switch NAM will switch to that user's identity.
I have two questions:
Thanks for the help.
09-04-2019 02:55 PM
Paul,
True.
Have you tried Easyconnect with machine auth/MAB + AD login for fast switching. Havent tried it myself. If you have posture on top of it with a registry check or other checks, you can do a CoA. All of this are long shots.
When I looked up Fastswitching, seems like applications can track the fastswitching change on a windows call.
https://docs.microsoft.com/en-us/windows/win32/shell/fast-user-switching
Not sure if there is an event sent to AD. There is a group policy setting on this though.
-Krishnan
09-04-2019 03:00 PM
I don't think passive ID will work as the domain controller serial logs would have something like this (obviously made up log format):
User1 logged in at IP 1.1.1.1
User2 logged in at IP 1.1.1.1
User3 logged in at IP 1.1.1.1
If passive ID is scrapping the security logs it will feed all that data to pxGrid and the pxGrid clients will deal with the info. I believe they are simply going to replace previously learned data. So the pxGrid clients would think User3 is associated with 1.1.1.1.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide