It's the default behaviour of windows machines to attempt host based authentication if no username is provided. You can disable this by setting username only authentication in the advanced 802.1x settings.
On 02/07/2013, at 5:18 PM, "Read, Simon" <[email protected]<mailto:[email protected]>> wrote: Hi Markus, Thanks for the feedback. When I see the Reject, the hostname appears in the username column. When the PC logs in successfully the username column is populated with the correct username. Does it look like a setting on our PC’s that needs to change? Simon Read Service Engineer Nashua Communications (Pty) Ltd. Unit 10 Growthpoint Business Park, No 2 Tonnetti Street, Midrand, 1685 Cell: +27 (0)84 676 9200 DDI:+27 (0)10 001 3042 Fax: +27 (0)10 001 2500 [email protected]<mailto:[email protected]> www.nashua-communications.com<http://www.nashua-communications.com/> <image001.gif> From: Markus Kaiser [mailto:[email protected]<http://enterasys.com>] Sent: 02 July 2013 09:12 AM To: Enterasys Customer Mailing List Subject: Re: [enterasys] - NAC - 802.1x attempts by hostname rather than username get a reject Hi, are you talking about the hostname from the hostname colomn in NAC Mgr or the hostname, i.e. "host/pcname123" from the username colomn? If you do user authentication, i.e. 802.1X PEAP, or machine/host authentication, i.e. 802.1X EAP-TLS, both times the important "username/hostname" is found in the "username" colomn, not "hostname" colomn in NAC Mgr. The hostname colomn information is not used for 802.1x authentication, the username information from the username colomn is the important/interesting one which is used and needed for 802.1x. Thanks in advance. Kind regards, Markus ___________________________ On 02.07.2013, at 08:37, "Read, Simon" <[email protected]<mailto:[email protected]>> wrote: Hi All, I’ve been monitoring the wired NAC roll-out to one of our departments. All going pretty well, but every now and again a PC will attempt to authenticate using it’s hostname, rather than the username, and gets a Reject. The ICT guys have been disconnecting the PC to get it to re-authenticate again. Has anybody seen this behaviour before and can you suggest a way to prevent or ignore the hostname being sent? Simon Read Service Engineer Nashua Communications (Pty) Ltd. Unit 10 Growthpoint Business Park, No 2 Tonnetti Street, Midrand, 1685 Cell: +27 (0)84 676 9200 DDI:+27 (0)10 001 3042 Fax: +27 (0)10 001 2500 [email protected]<mailto:[email protected]> www.nashua-communications.com<http://www.nashua-communications.com/> <image001.gif> Disclaimer and Confidentiality Note This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications. For more information about Nashua Communications, visit our website atwww.nashuacommunications.co.za<http://www.nashuacommunications.co.za> Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management ™ (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, contact Mimecast<http://www.mimecast.co.za/uem>. itevomcid * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]>with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> Disclaimer and Confidentiality Note This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications. For more information about Nashua Communications, visit our website atwww.nashuacommunications.co.za<http://www.nashuacommunications.co.za> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> -- Lucas Hazel <[email protected]<mailto:[email protected]>> Communications Systems Officer (Networks) Infrastructure Services Group Information Technology University of New England Armidale NSW 2351 Phone +61267732666 Mobile +61407569330 --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
