Yes I have tried that. I don't believe I see anything when it fails. I will look again and will also check the syslog.
On Thu, May 9, 2013 at 1:26 PM, Herzog, Gerald <[email protected]>wrote: > Is there any username that is populated in NAC when it fails > authentication? Have you tried specifying "user authentication"? > [image: Inline image 1] > > > On Thu, May 9, 2013 at 1:17 PM, John Kaftan <[email protected]> wrote: > >> It works for me if I go into the network settings and save my >> credentials. It also works if I have a machine that is in the domain and I >> check "Automatically use my Windows logon name and password". That will >> cover 90% of my cases. >> >> However, if a machine is not on the domain and connects I expect that I >> should be prompted by the supplicant to provide credentials. That is the >> part that is not working. >> >> Thanks >> >> John >> >> >> On Thu, May 9, 2013 at 12:08 PM, Kay Avila <[email protected]> wrote: >> >>> John, we've only done limited testing, but so far, authenticating with >>> 802.1x AD machine accounts on Windows 7 has worked successfully for us. >>> Just a thought. >>> >>> >>> On 5/7/2013 6:31 PM, John Kaftan wrote: >>> >>>> Actually it does work when I have that set. I tried that earlier today. >>>> Often in a university though machines are on the network that are not >>>> part of the AD domain, like the first two I was working with. Its crazy >>>> that Windows won't respond the the first eap packet from the switch >>>> unless credentials are configured to be provided automatically. >>>> Wireless prompts just fine. I did some research and it seems that >>>> 802.1x on wired is still unreliable. I found 7 patches to install and >>>> it still doesn't work right. I wonder why wireless is fine but wired >>>> isn't. The protocol has been around since 2002 or so. It should be >>>> fully baked by now. >>>> >>>> John >>>> >>>> On May 7, 2013 7:11 PM, "Robert Perry" <[email protected] >>>> <mailto:[email protected]>**> wrote: >>>> >>>> Have a look at this document, it may help. Specifically look at >>>> section 1.1.10 - This would seem what “MIGHT” be missing ? How >>>> are you disconnecting and reconnecting from the network ? Are you >>>> unplugging the cable ? If you actually logout, you should get >>>> prompted for a new login. >>>> >>>> Best of luck ! >>>> >>>> Best Regards, >>>> >>>> Bob Perry >>>> >>>> *From:*John Kaftan [mailto:[email protected] >>>> <mailto:[email protected]>] >>>> *Sent:* Tuesday, May 07, 2013 2:43 PM >>>> *To:* Enterasys Customer Mailing List >>>> *Subject:* Re: [enterasys] Wired 802.1x >>>> >>>> >>>> That's not good. I want to keep Admin-Edge. I do have 802.1x >>>> listed as first. 802.1x is working just fine if I store my >>>> credentials within the supplicate. My only problem is that I cannot >>>> get prompted by Windows. >>>> >>>> On Tue, May 7, 2013 at 1:34 PM, Brian Anderson - ASI >>>> <[email protected] >>>> <mailto:Brian@arcadiasecureit.**com<[email protected]>>> >>>> wrote: >>>> >>>> There may be some switch config settings that might help. Try >>>> setting 8021x as first in priority for authentication. I also have >>>> seen admin-edge enabled on the end system port (spantree) cause >>>> 8021x to fail also. >>>> >>>> Thanks, >>>> >>>> Brian Anderson >>>> >>>> [email protected] >>>> <mailto:Brian@ArcadiaSecureIT.**com<[email protected]> >>>> > >>>> >>>> >>>> Network Engineer >>>> >>>> 3000 United Founders Boulevard, Suite 212 >>>> >>>> Oklahoma City, Oklahoma 73112 >>>> >>>> C +1 (501) 690-3305 <tel:%2B1%20%28501%29%20690-**3305> >>>> >>>> F +1 (405) 562-8669 <tel:%2B1%20%28405%29%20562-**8669> >>>> >>>> arcadia-secure-it2-long-small >>>> >>>> *From:*John Kaftan [mailto:[email protected] >>>> <mailto:[email protected]>] >>>> *Sent:* Tuesday, May 07, 2013 11:17 AM >>>> >>>> >>>> *To:* Enterasys Customer Mailing List >>>> >>>> *Subject:* [enterasys] Wired 802.1x >>>> >>>> >>>> Working to get 802.1x going on Win 7 wired ports. I have it working >>>> if I save my credentials in Windows. If I don't save my credentials >>>> Windows never prompts me for credentials. Packet captures suggest >>>> that the client never responds to the initial eap packet from the >>>> switch so the switch never sends the challenge. I have the Wired >>>> AutoConfig service running. Any ideas? I've been messing with all >>>> of the settings. I see this happening on two machines both of which >>>> do fine on wireless 802.1x. >>>> >>>> I am using B5s and NAC as my RADIUS server. >>>> >>>> Thanks >>>> >>>> * --To unsubscribe from enterasys, send email to [email protected] >>>> <mailto:[email protected]> with the body: unsubscribe enterasys >>>> [email protected] >>>> <mailto:Brian@arcadiasecureit.**com<[email protected]> >>>> > >>>> >>>> * --To unsubscribe from enterasys, send email to [email protected] >>>> <mailto:[email protected]> with the body: unsubscribe enterasys >>>> [email protected] <mailto:[email protected]> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> John Kaftan >>>> >>>> IT Infrastructure Manager >>>> >>>> Utica College >>>> >>>> * --To unsubscribe from enterasys, send email to [email protected] >>>> <mailto:[email protected]> with the body: unsubscribe enterasys >>>> [email protected] <mailto:[email protected]> >>>> >>>> * --To unsubscribe from enterasys, send email to [email protected] >>>> <mailto:[email protected]> with the body: unsubscribe enterasys >>>> [email protected] <mailto:[email protected]> >>>> >>>> * --To unsubscribe from enterasys, send email to [email protected] >>>> <mailto:[email protected]> with the body: unsubscribe enterasys >>>> [email protected] >>>> >>>> >> >> >> -- >> John Kaftan >> IT Infrastructure Manager >> Utica College >> >> >> - --To unsubscribe from enterasys, send email to [email protected] the >> body: unsubscribe enterasys >> [email protected] >> >> > > > -- > > *J*erry Herzog > Solutions Engineer > Enterasys Networks, Inc. > A Siemens Enterprise Communications Company > > Mobile +1 330 224 6088 > E-mail [email protected] > > Twitter: @JerryHerzog <http://twitter.com/#!/@JerryHerzog> > > > > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > -- John Kaftan IT Infrastructure Manager Utica College --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
<<image.png>>
