02-16-2011
07:18 AM
- last edited on
03-25-2019
05:27 PM
by
ciscomoderator
I am having an issue with authenticating Windows7 PC's with ACS 5.2. I am running ACS version 5.2.026 and using active directory to authenticate against. The problem I am having is that when I see the ACS failure the username coming in from the Window7 dot1x client is the MAC address and not the machine name. I've configured the dot1x client in WIndows7 to use computer authentication.but for some reason it's not working. I have XP clients using the Cisco Secured Services Client and they work fine. The request come in just fine with the machine name. I'll put examples below from the ACS log. The odd thing is about two months ago I tested this same setup with Windows7 and it worked so I'm not sure if it could be a group policy setting causing this issue. We are authenticating Cisco IP phones (7940 and 7960) using mac address bypass so on the ports I've set the authentiaction order to mab dot1x webauth. Changing this setting does not seem to matter. Thanks in advance for any help.
XP Client with CSSC dot1x client
Logged At: | February 16,2011 9:08:22.626 AM |
RADIUS Status: | Authentication succeeded |
NAS Failure: | |
Username: | host/mxm71001fk |
MAC/IP Address: | 00-19-BB-E0-8F-B0 |
Network Device: | ACS_Test_Switch : 10.1.254.53 : FastEthernet1/0/13 |
Access Service: | Default Network Access |
Identity Store: | AD1 |
Authorization Profiles: | 2nd_Floor_Profile |
CTS Security Group: | |
Authentication Method: | EAP-FAST |
Windows7 Client with built in dot1x client
Logged At: | February 16,2011 9:10:17.630 AM |
RADIUS Status: | Authentication failed : 22056 Subject not found in the applicable identity store(s). |
NAS Failure: | |
Username: | D4-85-64-A4-08-EE |
MAC/IP Address: | D4-85-64-A4-08-EE |
Network Device: | 2B_Stack : 10.1.254.10 : FastEthernet2/0/21 |
Access Service: | Default Network Access |
Identity Store: | |
Authorization Profiles: | |
CTS Security Group: | |
Authentication Method: | Lookup |
02-17-2011 09:11 AM
If that's how your win7 is sending the username then the problem is on the client PC, not ACS.
Can you post pictures of how you configured machine authentication on win7 ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide