locked
Windows NPS & IAS Problem with Computer accounts (wired 802.1x) RRS feed

  • Question

  • Hello,

    I am deploying DOT1X with Windows 2008 NPS. My problem is with computer accounts. I am able to authenticate users and send them to respective vlans. When i log out the users, computer accounts fail to authenticate. I took some debug outputs from switch

    This is a user account

    08/29/2011 20:43:53.82 <Info:nl.ClientAuthenticated> : Network Login 802.1x user
     TST\bora logged in MAC 00:18:8B:B3:BC:0C port 1 VLAN user_1, authentication Radius

    This is a computer account.

    08/29/2011 20:42:38.56 <Info:nl.ClientAuthFailure> : Authentication failed for Network Login 802.1x user host/osmanaga.tst.int Mac 00:18:8B:B3:BC:0C port 1

    Please check that when a user log in, user name is sent like domain\username. But when computer sends it's account info it goes like host/computername.domain. Does this difference affect my authentication and it fails? Before you ask my computer group is added to an access policie group and has a valid vlan on network

    regards,

    Monday, August 29, 2011 2:01 PM

Answers

  • Hi Kaya,

    Thank you for your post.

    Please open your Wired Network(IEEE802.3) Group policy, ensure the Authentication Mode set to User or Computer authentication.

    If there are more inquiries on this issue, please feel free to let us know.


    Regards,
    Rick Tan
    • Marked as answer by Rick Tan Monday, September 5, 2011 1:46 AM
    Tuesday, August 30, 2011 9:54 AM