Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.x and later.
The machine name and string is changed when EAP termination is done, so termination is not done on the controller when machine authentication is involved.
The Aruba Controller did not change the machine name and string. IAS performs the lookup and translates the user name from "host\ahejnar-T43.hejnar.com" to "Domain\Hostname-without-domain$" format.
On the other hand, if IAS is terminating the EAP, IAS can look up the computer account location inside A/D(LDAP).
The name format that is appended with $ is the actual one for MSChapv2.
However, it is known limitation that IAS does not allow plain-mschapv2 for machine authentication. Use either Juniper SBR or FreeRADIUS.