08-31-2012 04:38 PM
We have a 2008 NPS server set up with rules for 2 groups in AD , one for machines and one for users, both get certificates.
The 105 Instant and Radius for user authentication works flawlesly. The instructions to set up machine authentication show drop down boxes after you check Enable Machine Authentication. I don't see those boxes after marking the initial check in the box. How do I get this working? Firmware = 188.8.131.52-184.108.40.206_33617
08-31-2012 06:48 PM
You always do authentication on the NPS server. The decision about what to do when a machine authenticates vs. a user is done on the IAP. If you check the "Enforce Machine Authentication" box, a device that only passes user authentication will get the user authentication only role. A device that only passes machine authentication gets the machine auth only role. A device that passes both gets the default role.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
07-10-2013 08:48 PM
Can you help me explain brief.
After check Enforce machine authentication, which one do i choose for machine auth only box and user auth only box.
Apprecite your earliest reply.
07-16-2013 02:48 PM
I suppose that is pretty clearly described in Instant UG:
Enforce Machine Authentication— You can assign different rights to clients based on whether their
hardware device supports machine authentication. Machine Authentication is only supported on
Windows devices, so this can be used to distinguish between Windows devices and other devices such
- Machine Auth only role - This indicates a Windows machine with no user logged in. The device supports machine authentication and has a valid RADIUS account, but a user has not yet logged in and authenticated.
- User Auth only role - This indicates a known user or a non-Windows device. The device does not support machine auth or does not have a RADIUS account, but the user is logged in and authenticates.
When a device does both Machine and User authentication, the user gets the default role or the derived role based on the RADIUS attribute.
To configure Machine Authentication, do the following:
1. In the Roles window, create a role for Machine auth only and User auth only.
2. Configure Access Rules for these roles by selecting the role, and applying the rule.
3. Select Enforce Machine Authentication and specify these two roles.
4. Click Finish to apply these changes.
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution