I'm doing some research here regarding possible implementations of 802.1x wired authentication with single sign-on - the domain username/password is used for 802.1x authentication.
Initially the user is connected to the network through a VLAN without DHCP or any access to any network resource. Basically only the wired interface can get authenticated, as EAPOL doesn't require any Layer 3 information to be exchanged. This is working fine - after 802.1x authentication the network interface is granted full access, which is done by throwing it into another VLAN with DHCP and all the needed stuff.
But I have no idea what happens if a user tries to authenticate on a computer where no credentials are cached, as the user can't reach any domain resources unless the wired interface is authenticated.
So my question - when the user enters domain credentials on initial login, will 802.1x authentication be performed before logging into the domain? Because if Windows initially tries to log in the user and then performs 802.1x authentication, it will definitely fail, as without successful 802.1x the computer has no access to domain/AD resources.
Thank you!