Solved: Wired 802.1x authentication for PC required to login by AD account

tomi@jototech.cn · ‎06-11-2020

Hi there,

We environment require all the PC log in Windows via AD account, while as far as I know, before login the windows, the PC can only get authenticated by machine name, and once the PC logged in, then username and password based 802.1x will take place and get the correct VLAN and IP.

I'm wondering if there is any step by step guide ISE/Switch setup guide to fulfill it?

balaji.bandi · ‎06-11-2020

there is a good guide with steps :

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎06-11-2020

there is a good guide with steps :

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Nadav · ‎06-13-2020

Take a look specifically at the "Configuring Microsoft Windows and Apple OS X Devices for 802.1X" chapter. You'll see a checkbox called "Automatically user my Windows logon name…".

Unlike the guide, you'll want this checkboxed checked if your requirement is to provide domain and username rather than hostname. If you change this on the fly for a workstation you'll need to restart the 802.1x service (I think it's called Eaphost).

This may provide some insight as well:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/667934f0-9da8-4dcc-ae5a-fa1880648ae4/windows-xp-peap-authentication-fails?forum=winserverNAP