Solved: ISE TEAP - Combine User and Computer Authentication Win10 CredGuard

Nils 86 · ‎06-26-2023

hi,

i am searching for a way to combine computer certificate (eap-tls) and user authentication (mschapv2) in one session. with EAP-TEAP this should be possible, but i have a problem with the user authentication. if the windows 10 feature credential guard is active the username/password cant be used for the mschapv2 part. is this right or a misunderstanding or has anyone a solution for this problem?

i hope any one can help me

best regards nils

ahollifield · ‎06-27-2023

No my understanding is Credential Guard prevents the account credentials from being used directly across the OS. Certificate based auth methods are much preferred.

View solution in original post

ahollifield · ‎06-26-2023

This is correct. Why not use user certificates instead? You can also disable credential guard.

Nils 86 · ‎06-27-2023

hi, completely disabling credential guard is not a good idea becaus of security reasons.

if the user certificate is the only other option, i will try it! thank you

are there any other option with the cisco secure client NAM Module?

regards Nils

ahollifield · ‎06-27-2023

No my understanding is Credential Guard prevents the account credentials from being used directly across the OS. Certificate based auth methods are much preferred.

Aref Alsouqi · ‎06-27-2023

In my opinion TEAP would be a better option comparing to AnyConnect NAM because it is native and doesn't require any additional licenses.