Dot1x/WPA2 and machine authentication
We are in the process of rolling out the Cisco Identity Services Engine as well as a WPA2 SSID, and have run into an issue. I did some research online and have not come up with much, so I was hoping someone else could shed some light on this...
By default Windows will first attempt to do machine authentication, and then if this fails it should move on to user authentication. We have Cisco ISE joined to our domain, and so the domain machines that connect to our WPA2 SSID successfully do machine authentication. However, machines that are not joined to the domain that fail machine authentication (which they should) will at times throw up an authentication failure message in Windows, but not prompt for a username/password to authenticate to the SSID. Sometimes they do, sometimes they don't; it is inconsistent. In Windows 7, if we go into the Advanced settings and specify that it use username/pass only, it works fine. I believe that the default is machine and/or username/pass authentication, which means anyone with a non-domain machine (all of our students!) could experience this issue.
We have shut off machine authentication in ISE, and this has kept the issue from recurring. However, we would like to leverage machine authentication at some point, but not if it is going to cause issues with the non-domain machines.
Has anyone else experienced this? Any remedies?
Thanks in advance.