09-03-2020 08:56 AM
Hello, guys.
Did someone face the same issue ? Any hints are appreciated.
I am migrating from Windows Native Supplicant using PEAP to
NAM using EAP-FAST with machine and user cert authentication.
NAM is installed, configuration.xml is uploaded, machine certificate authentication is successful (can see it in ISE logs)
The issue is:
If/When a new user logs into the PC it fails to download it's user certificate and GPO policies
=> which causes a pop up window: No valid certificates available. Please insert a smart card or install a valid certificate.
=> Then NAM blocks network completely.
at that moment no certificate available for user in Personal directory.
gpupdate fails because the PC cannot reach GPO server
I tried using a setting in NAM Profile editor under Client Policy -> connection Settings - Before user logon for 60 seconds but it didn't help.
PC still fails to upload a user profile and fails to connect to network.
- ISE 2.6
- NAM 4.8
- Win 10
- Tested for Wired
The current very bad workaround:
To disable NAM on the driver, authenticate using PEAP native supplicant, download a profile and a user cert, enable NAM back and successfully use EAP-FAST
which only proves that a user profile cannot be downloaded because of NAM.