It works for me if I go into the network settings and save my credentials. It also works if I have a machine that is in the domain and I check "Automatically use my Windows logon name and password". That will cover 90% of my cases.
However, if a machine is not on the domain and connects I expect that I should be prompted by the supplicant to provide credentials. That is the part that is not working. Thanks John On Thu, May 9, 2013 at 12:08 PM, Kay Avila <[email protected]> wrote: > John, we've only done limited testing, but so far, authenticating with > 802.1x AD machine accounts on Windows 7 has worked successfully for us. > Just a thought. > > > On 5/7/2013 6:31 PM, John Kaftan wrote: > >> Actually it does work when I have that set. I tried that earlier today. >> Often in a university though machines are on the network that are not >> part of the AD domain, like the first two I was working with. Its crazy >> that Windows won't respond the the first eap packet from the switch >> unless credentials are configured to be provided automatically. >> Wireless prompts just fine. I did some research and it seems that >> 802.1x on wired is still unreliable. I found 7 patches to install and >> it still doesn't work right. I wonder why wireless is fine but wired >> isn't. The protocol has been around since 2002 or so. It should be >> fully baked by now. >> >> John >> >> On May 7, 2013 7:11 PM, "Robert Perry" <[email protected] >> <mailto:[email protected]>**> wrote: >> >> Have a look at this document, it may help. Specifically look at >> section 1.1.10 - This would seem what “MIGHT” be missing ? How >> are you disconnecting and reconnecting from the network ? Are you >> unplugging the cable ? If you actually logout, you should get >> prompted for a new login. >> >> Best of luck ! >> >> Best Regards, >> >> Bob Perry >> >> *From:*John Kaftan [mailto:[email protected] >> <mailto:[email protected]>] >> *Sent:* Tuesday, May 07, 2013 2:43 PM >> *To:* Enterasys Customer Mailing List >> *Subject:* Re: [enterasys] Wired 802.1x >> >> >> That's not good. I want to keep Admin-Edge. I do have 802.1x >> listed as first. 802.1x is working just fine if I store my >> credentials within the supplicate. My only problem is that I cannot >> get prompted by Windows. >> >> On Tue, May 7, 2013 at 1:34 PM, Brian Anderson - ASI >> <[email protected] >> <mailto:Brian@arcadiasecureit.**com<[email protected]>>> >> wrote: >> >> There may be some switch config settings that might help. Try >> setting 8021x as first in priority for authentication. I also have >> seen admin-edge enabled on the end system port (spantree) cause >> 8021x to fail also. >> >> Thanks, >> >> Brian Anderson >> >> [email protected] >> <mailto:Brian@ArcadiaSecureIT.**com<[email protected]> >> > >> >> >> Network Engineer >> >> 3000 United Founders Boulevard, Suite 212 >> >> Oklahoma City, Oklahoma 73112 >> >> C +1 (501) 690-3305 <tel:%2B1%20%28501%29%20690-**3305> >> >> F +1 (405) 562-8669 <tel:%2B1%20%28405%29%20562-**8669> >> >> arcadia-secure-it2-long-small >> >> *From:*John Kaftan [mailto:[email protected] >> <mailto:[email protected]>] >> *Sent:* Tuesday, May 07, 2013 11:17 AM >> >> >> *To:* Enterasys Customer Mailing List >> >> *Subject:* [enterasys] Wired 802.1x >> >> >> Working to get 802.1x going on Win 7 wired ports. I have it working >> if I save my credentials in Windows. If I don't save my credentials >> Windows never prompts me for credentials. Packet captures suggest >> that the client never responds to the initial eap packet from the >> switch so the switch never sends the challenge. I have the Wired >> AutoConfig service running. Any ideas? I've been messing with all >> of the settings. I see this happening on two machines both of which >> do fine on wireless 802.1x. >> >> I am using B5s and NAC as my RADIUS server. >> >> Thanks >> >> * --To unsubscribe from enterasys, send email to [email protected] >> <mailto:[email protected]> with the body: unsubscribe enterasys >> [email protected] >> <mailto:Brian@arcadiasecureit.**com<[email protected]> >> > >> >> * --To unsubscribe from enterasys, send email to [email protected] >> <mailto:[email protected]> with the body: unsubscribe enterasys >> [email protected] <mailto:[email protected]> >> >> >> >> >> -- >> >> John Kaftan >> >> IT Infrastructure Manager >> >> Utica College >> >> * --To unsubscribe from enterasys, send email to [email protected] >> <mailto:[email protected]> with the body: unsubscribe enterasys >> [email protected] <mailto:[email protected]> >> >> * --To unsubscribe from enterasys, send email to [email protected] >> <mailto:[email protected]> with the body: unsubscribe enterasys >> [email protected] <mailto:[email protected]> >> >> * --To unsubscribe from enterasys, send email to [email protected] >> <mailto:[email protected]> with the body: unsubscribe enterasys >> [email protected] >> >> -- John Kaftan IT Infrastructure Manager Utica College --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
