Dear Colleagues,
I'm facing a problem when implement SNAC solution.
Here are our environment
1. All endpoint computers join one domain,
2. we use Full 802.1x Mode - With RADIUS authentication.
3. client computers are 802.1x enabled and configured with PEAP with mschapv2 authentication.
4. Users' domain account password can be modified by a web application.
Image this scenario:
when a user modifies his password through the web application, how could he logon his computer with his new password?
To my understanding, after user typing username and new password to logon, client computer can not contact domain controllers yet because SNAC will block it, thus authentication will be fail.Am I right?
If it does, how to deal with such situation?
Any comments are appreciated.
Regards
Ethan