09-21-2011 11:34 AM - edited 03-10-2019 06:25 PM
Dear All,
As Cisco ACS/ISE is capable of Machine Authentication, such as checking if the machine is joined to the domain through a certificate, is it possible, by using dot1x, to restrict users to logging on to the Windows domain instead of logging on locally on the Windows machine using a local username and password?
When a user logs on to a Windows machine, PEAP will pop up a window for the authentication, and the user will enter the domain username and password to get connected to the network. In my scenario, the user first logs on to the machine using a local username and password and, once prompted, he/she enters the domain username and password for dot1x, which allows them not to be restricted by domain policies.
We have a policy that users should not have network access unless he/she logs on to the Windows domain. We are in the phase of deploying Cisco ISE, and I am wondering if I can achieve this using Cisco ACS/ISE.
Thanks in advance for all your help. Sorry if this has already been discussed.
Shoeb Ahmed,
10-04-2011 08:09 PM
Can you please elaborate on your scenario? Are the users using different credentials to log in to the machine versus the supplicant? You should be able to issue a group policy where the supplicant uses the Windows credentials and lock that down for all users.
Also, if you only want corporate-issued devices on the network, you can enable machine access restriction (MAR). This will only allow users that authenticate from domain-issued laptops.
Let me know if this helps any,
Tarik Admani
10-06-2011 12:56 PM
Dear Tarik,
Thanks for your interest. MAR will make sure that the machine is authenticated. My requirement says that the machine should be a corporate machine, which MAR fulfills. Also, the management wants that the user should not be able to log on locally even if he has the admin password of the local machine. Is it possible to restrict users so that they cannot log on locally on the machine?
To be more specific, we need to make the supplicant use integrated authentication, rather than prompting users for a username and password.
Thanks,
Shoeb