I am working on an 802.1X authentication scenario.
I have: IC6500 (4R4), Microsoft AD 2008R2, Juniper EX Switch and Windows 7 Client
I have created several users and groups in the AD and mapped them into the IC6500.
802.1X is enabled on several ports of the EX.
I also enabled Windows native 802.1X authentication service, so I am not using OAC.
The problem is: At the login screen, once I type user/password I get the following error message:
"there are currently no logon servers available to service the logon request"
I have tried with several test accounts and several scenarios.
Scenario 1. 802.1X disabled at the EX. account: test1 -> I can log into the domain
Scenario 2. 802.1X enabled at the EX. account: test2 -> I cannot log into the domain
Scenario 3. 802.1X enabled at the EX. account test1 (same as first scenario) -> I can log into the domain
So it looks like Windows is caching the account info and using it for login. Of course it doesn't work if the account has not been previously used.
Can you download OAC or Pulse directly from the IC using web access and try dot1x using OAC or Pulse?
It's very important for us to review logs on this scenario to identify what the issue is; please ensure you have the right dot1x EAP protocol both on the end client PC and on the IC 6500.
The IC user access log will give us more information on this; please review it and see what error you are getting.
Kindly go through the below KBs and document links to resolve your issue:
And to be sure, based on what I read from your original posting, you are attempting to authenticate before the user logs in? Is this correct?
As was stated previously, the logs will help. I just did this recently so I'll keep an eye on the thread.