03-14-2013 06:01 AM - edited 03-10-2019 08:11 PM
Hello!
I try to configure 802.1X authentication with Cisco ISE, Win XP SP3 and native supplicant.
Problem is that when workstation connects to the network, it uses hostname as an username and sapplicant doesn`t pop up to ask me username and password. Anybody know how to resolve this problem? Mb to install some patch on Win XP?
Thank you!
BR,
Max
Solved! Go to Solution.
03-18-2013 12:11 AM
Are you able to get your hands on a different machine to test? I think the russian settings is what is causing the confusion with me in order to understand the supplicant settings. I do not have my hands on an XP client but see if you can use both machine or user authentication and see if that changes your luck?
Tarik Admani
*Please rate helpful posts*
03-14-2013 10:24 AM
Did you configure the suplicant to do a user-based authentication? And to not use the login-information from Windows for logging into the network? That has to be configured in the suplicant.
Sent from Cisco Technical Support iPad App
03-14-2013 11:30 AM
Thanks for reply!
Yes only for user-based authentication, I de-select "Validate server certificate" and "Automatically use my Windows logon name and password (and domain if any)". After shut/ no shut swith port I don`t see dialog box which asks credentials.
In ISE log I see that workstation uses it`s hostname as an username and uthentication fail.
03-14-2013 09:18 PM
Did you try to logoff and login after enabling the supplicant. If you are sending the machine credentials then you may want to check the registry settings:
http://support.microsoft.com/kb/949984
Tarik Admani
*Please rate helpful posts*
03-14-2013 09:37 PM
Tarik, yes of course. Also I manually installed Cisco NAC agent on workstation and it also don`t ask credentials.
I read this article, but I don`t understand what should I do?
In RADIUS debug I see folowing:
RADIUS(000000F7): Send Access-Request to ISE:1812 id 1645/243, len 248
RADIUS: User-Name [1] 29 "host/ISEfuji.office"
RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/1"
RADIUS: NAS-IP-Address [4] 6 192.168.244.252
Why User-Name is workstation hostname I don`t understand.
03-14-2013 11:18 PM
Hi,
The NAC agent in an ISE deployment doesnt prompt users for authentication (that was done from the Clean Access Server in the Nac appliance days).
However, it looks as if the machine credentials are being sent instead of the user credentials. Have you tried to restart the wired auto config settings? Also have you checked the event veiwer on the workstation to see if there are any errors for the eap host? Also try seeing if the network driver needs an update.
Thanks,
Tarik Admani
*Please rate helpful posts*
03-14-2013 11:48 PM
Tarik, do you mean stop/start service? If yes, I tried it several times. In event veiwer I see folowing:
Network authentication attempts have been temporarily suspended on this network adapter.
Network Adapter: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
Interface GUID: b9f134f3-3e02-4067-bba7-d090c0fd3fb8
Reason Code: 327685
Length of block timer (seconds): 1200
Now I`m trying to find driver update.
03-14-2013 11:59 PM
I ran into a very simliar problem with this, can you try to run the "diagnose" option on the network adapter and see if this fixes your issue?
Thanks,
Tarik Admani
*Please rate helpful posts*
03-15-2013 12:07 AM
Tarik, do you mean right-click mouse on LAN and choose "diagnose"? I do it, but problem still exist.
I find new version of driver 6.110.1029.2008, is update help me?
03-15-2013 12:16 AM
Please post screenshots of your xp settings for eap. Are you forcing the client to use the windows single sign on?
Tarik Admani
*Please rate helpful posts*
03-15-2013 12:25 AM
No,I`m not.
Tarik, that is screen in attach, but I have Win XP Russian Edition, I hope you'll understand anyway.
03-15-2013 05:36 AM
In the 3rd screenshot can you check that box and see if it sends the credentials through.
Thanks,
Tarik Admani
*Please rate helpful posts*
03-15-2013 05:55 AM
Tarik, unfortunately I don't understand how to do it, could you explain me what should I do?
03-15-2013 06:01 AM
In the screenshot on the very right that you provided just check that box, from the english version this looks like the windows single sign on option.
Thanks,
Tarik Admani
*Please rate helpful posts*
03-15-2013 06:42 AM
Tarik, in Russian version if checkbox is selected, it means that the username and password are automatically selected from AD. That is the credentials with which the user connects to his workstation. I don't know if it can help us to solve the problem but Web Auth works fine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: