802.1X EAP failure while connected

Solved
Mark-SPS

Got a bit of a strange issue going on.

I'm seeing 802.1X EAP failure with an identity of host/ then the full PC name.

During the time this event occurs the PC is actually connected to the wireless network. It is connected with the normal user credentials.

Same MAC address for both the connected and failing events. Same SSID as well.

Anyone seen this?

Thanks

1 Accepted Solution
PhilipDAth

You don't provide quite enough info to help.

Let's assume you are using Windows 10. Windows 10 (via group policy) can be configured to:

  • Authenticate using only the computer name. When you do this it can attach to the network prior to the user logging in, apply group policies, and authenticate directly against AD controllers rather than using cached credentials.
  • Authenticate using only the user's login details. When you do this the computer can't join the WiFi network till after the user has logged in. As a result, the user can only ever log in using cached credentials, and can never apply group policy changes prior to login.
  • Authenticate using the computer account first, and then the user account. This is the best of both worlds. When the computer boots up it connects to WiFi using its account. Then when the user logs in it re-authenticates as that user.

Thanks for the feedback.

Yes, you are correct. I'm using W10. Also WPA2 and Windows NPS for authentication.

I agree that setting up authentication using the computer account and then user account is the best plan and will work on setting that up.

After some further testing today I see that no matter how you connect to wireless (pre or post login) it tries a computer account first and then the user account/password you enter.
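An added example, not part of the original thread: the three Windows modes listed in the accepted answer correspond to the `authMode` element (`machine`, `user`, `machineOrUser`) in a WLAN profile exported with `netsh wlan export profile`, and this Python sketch reads that element to tell whether `host/<computer name>` requests should be expected at the RADIUS server. The SSID and profile below are constructed sample data, and the link between `authMode` and the `host/` identity is an assumption based on what the thread describes.

```python
import xml.etree.ElementTree as ET

# XML namespaces used by Windows WLAN profile exports.
NS = {
    "wlan": "http://www.microsoft.com/networking/WLAN/profile/v1",
    "onex": "http://www.microsoft.com/networking/OneX/v1",
}

# authMode value -> behaviour as described in the accepted answer.
BEHAVIOUR = {
    "machine": "computer account only; can join before user logon",
    "user": "user credentials only; no Wi-Fi until after logon",
    "machineOrUser": "computer account at boot, re-authenticates as the user at logon",
    "guest": "guest credentials; neither computer nor user account",
}

# Constructed sample profile (the SSID name is made up for this example).
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <SSIDConfig><SSID><name>CorpWiFi</name></SSID></SSIDConfig>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication>
      <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>"""


def audit_profile(xml_text):
    """Return (ssid, auth_mode, expects_host_identity) for one exported profile."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("wlan:SSIDConfig/wlan:SSID/wlan:name", namespaces=NS)
    use_onex = root.findtext(".//wlan:authEncryption/wlan:useOneX", default="false", namespaces=NS)
    if use_onex.strip().lower() != "true":
        return ssid, None, False  # PSK or open profile: no 802.1X at all
    mode = root.findtext(".//onex:OneX/onex:authMode", namespaces=NS)
    mode = mode.strip() if mode else "unset"
    # Assumption: host/<computer name> identities are sent whenever the
    # profile allows the computer account to authenticate.
    return ssid, mode, mode in ("machine", "machineOrUser")


if __name__ == "__main__":
    ssid, mode, host_auth = audit_profile(SAMPLE_PROFILE)
    print(f"{ssid}: authMode={mode} ({BEHAVIOUR.get(mode, 'not set in profile')})")
    print("expect host/<pc name> requests at NPS:", host_auth)
```

If the profile allows computer authentication but the NPS network policy only matches a user group, the `host/` attempts would be rejected while the user session on the same MAC and SSID succeeds.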