06-26-2023 01:28 PM
Hi,
I am searching for a way to combine computer certificate (EAP-TLS) and user authentication (MSCHAPv2) in one session. With EAP-TEAP this should be possible, but I have a problem with the user authentication. If the Windows 10 feature Credential Guard is active, the username/password can't be used for the MSCHAPv2 part. Is this right, or a misunderstanding, or does anyone have a solution for this problem?
I hope anyone can help me.
Best regards, Nils
- Labels: Identity Services Engine (ISE)
Accepted Solutions
06-27-2023 06:34 AM
No, my understanding is Credential Guard prevents the account credentials from being used directly across the OS. Certificate-based auth methods are much preferred.
06-26-2023 05:10 PM
This is correct. Why not use user certificates instead? You can also disable Credential Guard.
06-27-2023 12:04 AM
Hi, completely disabling Credential Guard is not a good idea because of security reasons.
If the user certificate is the only other option, I will try it! Thank you.
Are there any other options with the Cisco Secure Client NAM module?
Regards, Nils
06-27-2023 01:07 AM
In my opinion, TEAP would be a better option compared to AnyConnect NAM because it is native and doesn't require any additional licenses.
