Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

MACHINE AUTHENTICATION - USER AUTHENTICATION

  • 1.  MACHINE AUTHENTICATION - USER AUTHENTICATION

    Posted Oct 05, 2017 10:59 AM

    Good morning, I'm configuring 802.1x wireless with my Windows 7 devices that are registered in a controller domain. However, I have the following drawback.

    The device connects as first authentication as [MACHINE AUTHENTICATION], and after Windows is prompted for user credentials, in ClearPass I do not see user authentication.

    I made the configuration of the network card from a GPO with the following:


    The ClearPass configuration is found this way.

    Could they help me to know what may be happening?

    Note: I have a mobility controller and this is with EAP-PEAP authentication
    112233445566



  • 2.  RE: MACHINE AUTHENTICATION - USER AUTHENTICATION

    EMPLOYEE
    Posted Oct 05, 2017 11:02 AM

    Remove Single Sign On from the supplicant configuration. Also, you need to properly configure EAP server validation or all of your users' credentials are at risk.



  • 3.  RE: MACHINE AUTHENTICATION - USER AUTHENTICATION

    Posted Oct 05, 2017 11:05 AM

    Hello, we have also configured without the single sign on and we are not successful either. What do you mean by EAP server validation?



  • 4.  RE: MACHINE AUTHENTICATION - USER AUTHENTICATION

    EMPLOYEE
    Posted Oct 05, 2017 11:07 AM

    Ensure that pass through authentication is enabled.

     

    You need to configure server certificate validation. Currently you have it disabled and are running in an incredibly insecure setup.



  • 5.  RE: MACHINE AUTHENTICATION - USER AUTHENTICATION

    Posted Oct 05, 2017 11:11 AM

    Ok, I'm going to make that variant, a query, but regardless of whether or not this option is enabled, should I not see in ClearPass user authentication and not just machine?

     

    7.png



  • 6.  RE: MACHINE AUTHENTICATION - USER AUTHENTICATION

    EMPLOYEE
    Posted Oct 06, 2017 08:19 AM

    If you get a password prompt and don't see an entry in Access Tracker, it could be that the ClearPass service has too many filters, or you have not enabled the Windows Sign On that you probably tried to configure with the SSO settings. This is how your GPO should look like:

    2017-10-06 14_06_09-192.168.32.11 - Remote Desktop Connection.png

    In 2, that is the validation that Tim mentioned, make sure the red-boxed entries are all set, however, change it to the name and CA of your own RADIUS certificate. Then in the 3rd window, tick that Windows should re-use the credentials that you logged in with.

     

    Check this video to see what happens if you don't set the certificate validation.