Is there any username that is populated in NAC when it fails authentication? Have you tried specifying "user authentication"?

On Thu, May 9, 2013 at 1:17 PM, John Kaftan <[email protected]> wrote:

> It works for me if I go into the network settings and save my credentials.
> It also works if I have a machine that is in the domain and I check
> "Automatically use my Windows logon name and password". That will cover
> 90% of my cases.
>
> However, if a machine is not on the domain and connects I expect that I
> should be prompted by the supplicant to provide credentials. That is the
> part that is not working.
>
> Thanks
>
> John
>
> On Thu, May 9, 2013 at 12:08 PM, Kay Avila <[email protected]> wrote:
>
>> John, we've only done limited testing, but so far, authenticating with
>> 802.1x AD machine accounts on Windows 7 has worked successfully for us.
>> Just a thought.
>>
>> On 5/7/2013 6:31 PM, John Kaftan wrote:
>>
>>> Actually it does work when I have that set. I tried that earlier today.
>>> Often in a university though machines are on the network that are not
>>> part of the AD domain, like the first two I was working with. It's crazy
>>> that Windows won't respond to the first eap packet from the switch
>>> unless credentials are configured to be provided automatically.
>>> Wireless prompts just fine. I did some research and it seems that
>>> 802.1x on wired is still unreliable. I found 7 patches to install and
>>> it still doesn't work right. I wonder why wireless is fine but wired
>>> isn't. The protocol has been around since 2002 or so. It should be
>>> fully baked by now.
>>>
>>> John
>>>
>>> On May 7, 2013 7:11 PM, "Robert Perry" <[email protected]> wrote:
>>>
>>> Have a look at this document, it may help. Specifically look at
>>> section 1.1.10 - This would seem what “MIGHT” be missing? How
>>> are you disconnecting and reconnecting from the network? Are you
>>> unplugging the cable? If you actually logout, you should get
>>> prompted for a new login.
>>>
>>> Best of luck!
>>>
>>> Best Regards,
>>>
>>> Bob Perry
>>>
>>> *From:* John Kaftan [mailto:[email protected]]
>>> *Sent:* Tuesday, May 07, 2013 2:43 PM
>>> *To:* Enterasys Customer Mailing List
>>> *Subject:* Re: [enterasys] Wired 802.1x
>>>
>>> That's not good. I want to keep Admin-Edge. I do have 802.1x
>>> listed as first. 802.1x is working just fine if I store my
>>> credentials within the supplicant. My only problem is that I cannot
>>> get prompted by Windows.
>>>
>>> On Tue, May 7, 2013 at 1:34 PM, Brian Anderson - ASI
>>> <[email protected]> wrote:
>>>
>>> There may be some switch config settings that might help. Try
>>> setting 8021x as first in priority for authentication. I also have
>>> seen admin-edge enabled on the end system port (spantree) cause
>>> 8021x to fail also.
>>>
>>> Thanks,
>>>
>>> Brian Anderson
>>> [email protected]
>>> Network Engineer
>>> 3000 United Founders Boulevard, Suite 212
>>> Oklahoma City, Oklahoma 73112
>>> C +1 (501) 690-3305
>>> F +1 (405) 562-8669
>>>
>>> *From:* John Kaftan [mailto:[email protected]]
>>> *Sent:* Tuesday, May 07, 2013 11:17 AM
>>> *To:* Enterasys Customer Mailing List
>>> *Subject:* [enterasys] Wired 802.1x
>>>
>>> Working to get 802.1x going on Win 7 wired ports. I have it working
>>> if I save my credentials in Windows. If I don't save my credentials
>>> Windows never prompts me for credentials. Packet captures suggest
>>> that the client never responds to the initial eap packet from the
>>> switch so the switch never sends the challenge. I have the Wired
>>> AutoConfig service running. Any ideas? I've been messing with all
>>> of the settings. I see this happening on two machines both of which
>>> do fine on wireless 802.1x.
>>>
>>> I am using B5s and NAC as my RADIUS server.
>>>
>>> Thanks
>>>
>>> * --To unsubscribe from enterasys, send email to [email protected]
>>> with the body: unsubscribe enterasys [email protected]
>>>
>>> --
>>> John Kaftan
>>> IT Infrastructure Manager
>>> Utica College
>
> --
> John Kaftan
> IT Infrastructure Manager
> Utica College

--
Jerry Herzog
Solutions Engineer
Enterasys Networks, Inc.
A Siemens Enterprise Communications Company
Mobile +1 330 224 6088
E-mail [email protected]
Twitter: @JerryHerzog <http://twitter.com/#!/@JerryHerzog>
