Security

Reply
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

authenticating windows local administrator using clearpass issue?

I'm faceing a strange issue , now we have confgured windwos 802.1x tand we check box use windows log on credinitial as 802.1x now when user logged in using the local admin credintial he kicked out of the network so what is the best scnario to solve this?

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: authenticating windows local administrator using clearpass issue?

You would need to either create a second local administrator account that has a matching account in AD or the local user repository or create an "Administrator" user on the local user repository with the same credentials.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: authenticating windows local administrator using clearpass issue?

uncheck the box and have the user enter in credentials to auth to the network instead. use either mac auth or user auth
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: authenticating windows local administrator using clearpass issue?

Hello tim,

 

I thought the Same but we have a vlan assignment based on switch location (NAD IP Address) and they have around 6 diffrent local admin passwords and also we have the same issue with RDP.

 

Hello Monardo,

 

they want to use this scnario and this check box as all users are authenticationg againest AD .

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: authenticating windows local administrator using clearpass issue?

Then the only option would be to disable pass-through Windows authentication. Unfortunately this is a Windows limitation, not ClearPass.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: authenticating windows local administrator using clearpass issue?

Hello Tim from where exactly should I disable this ,and what it will affect ?

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: authenticating windows local administrator using clearpass issue?

You would disable it in the Windows 802.1X supplicant. With that disabled, users will be prompted to enter network credentials after logging into the machine.

Sent from Mail for Windows 10

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,543
Registered: ‎03-29-2007

Re: authenticating windows local administrator using clearpass issue?

Unfortunately, authenticating local administrators on computers is probably not possible because the username for local administrators go to the radius server as <hostname/username>, so it is not as simple as just adding the local username and password.  Like TC said, you would need to manually configure the Windows supplicant to NOT automatically use the username and password, and then manually enter a username and password that is valid.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: authenticating windows local administrator using clearpass issue?

The issue is customer do not want user to enter their credintial after login as some times windwos 7 notification disapear if he didnt click on it immadiatly so I suggested on them to use a domain administrator instead of local admin but they refuesed saying that we need to fix this issue soo i would need you to tell me how can i convince them technically that this is not possible?

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: authenticating windows local administrator using clearpass issue?

There are no other options…It’s a Windows limitation.

Sent from Mail for Windows 10

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: