Aruba Instant & Cloud Wi-Fi

New Contributor
Posts: 4
Registered: ‎08-31-2012

Machine Authentication with Instant 105

We have a 2008 NPS server set up with rules for 2 groups in AD, one for machines and one for users, both get certificates.

The 105 Instant and RADIUS for user authentication work flawlessly. The instructions to set up machine authentication show drop-down boxes after you check Enable Machine Authentication. I don't see those boxes after marking the initial check in the box. How do I get this working? Firmware = 6.1.3.1-3.0.0.1_33617

Guru Elite
Posts: 20,008
Registered: ‎03-29-2007

Re: Machine Authentication with Instant 105

You always do authentication on the NPS server.  The decision about what to do when a machine authenticates vs. a user is done on the IAP.  If you check the "Enforce Machine Authentication" box, a device that only passes user authentication will get the user authentication only role.  A device that only passes machine authentication gets the machine auth only role.  A device that passes both gets the default role.

 


Colin Joseph
Aruba Customer Engineering

Occasional Contributor I
Posts: 5
Registered: ‎07-10-2013

Re: Machine Authentication with Instant 105

Hello,

Can you help explain briefly?

After checking Enforce Machine Authentication, which one do I choose for the machine auth only box and the user auth only box?

Appreciate your earliest reply.

Regards,

May

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: Machine Authentication with Instant 105

I suppose that is pretty clearly described in Instant UG:

 

Enforce Machine Authentication— You can assign different rights to clients based on whether their hardware device supports machine authentication. Machine Authentication is only supported on Windows devices, so this can be used to distinguish between Windows devices and other devices such as iPads.

  • Machine Auth only role - This indicates a Windows machine with no user logged in. The device supports machine authentication and has a valid RADIUS account, but a user has not yet logged in and authenticated.
  • User Auth only role - This indicates a known user or a non-Windows device. The device does not support machine auth or does not have a RADIUS account, but the user is logged in and authenticates.

When a device does both Machine and User authentication, the user gets the default role or the derived role based on the RADIUS attribute.


To configure Machine Authentication, do the following:
1. In the Roles window, create a role for Machine auth only and User auth only.
2. Configure Access Rules for these roles by selecting the role, and applying the rule.
3. Select Enforce Machine Authentication and specify these two roles.
4. Click Finish to apply these changes.

 

HTH

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356