Security

last person joined: 13 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Windows 10 Switch User not providing User Credentials to switch and CPPM 6.9.6

This thread has been viewed 16 times
  • 1.  Windows 10 Switch User not providing User Credentials to switch and CPPM 6.9.6

    Posted Jul 28, 2021 03:33 AM
    Apologies if this has been covered previously. I currently have Wired Dot1x configured authenticating to Clearpass (fall back to MAC Auth) and its working well. Current issue that I have is that when another user logs in to the Windows Machine, or switch user is selected, the second users credentials are not passed to the switch, dot1x times out and MAC auth puts the device into the isolated VLAN. Is there a way to give the supplicant a kick in the guts so that it provides the user credentials when it logs in?
    Cheers

    ------------------------------
    Lincoln Brant
    ------------------------------


  • 2.  RE: Windows 10 Switch User not providing User Credentials to switch and CPPM 6.9.6

    Posted Jul 28, 2021 07:56 PM
    Expanding a bit further (and now I'm back in front of the kit) The client is using EAP-PEAP/ EAP-MSCHAP for authentication. Deploying user based certs is way off in the distance. I'm aware of an issue with RDP "When 802.1x authentication mode is configured to user authentication, the supplicant fails to query the user token in the remote desktop session" .
    It looks like something similar is happening with "Switch User" as it exhibits exactly the same symptoms in Clearpass as the RDP issue


    ------------------------------
    Lincoln Brant
    ------------------------------



  • 3.  RE: Windows 10 Switch User not providing User Credentials to switch and CPPM 6.9.6

    Posted Jul 30, 2021 05:37 AM
    If these computers are Domain joined, the logical setting would be either Computer Only, or User/Computer in your supplicant.

    Are you referring to 2 different users logged in at the same time? I just tested that, with a Windows 10 client fully patches/up-to-date/latest version, and I see the following:
    - User admin1 logged in, authentication for admin1
    - Switch user, on the 'switch user scree', the computer authenticates with computer authentication
    - Log in as user1, authenticated as user1
    - Switch user to admin1 (which is still logged in), user authentication as admin1 again.

    This is on wireless but would expect the same on Wired.

    Please reach out to Aruba Support if you see something different, to have this investigated.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------