Controllerless Networks

I have a customer that is using an Aruba IAP solulution with a Microsoft NPS server doing 802.1x authentication. The wireless profiles on the end users decices are set to "Automatically use the windows Creds"  They are having issues when account password expires. Users arent able to log in via wireless and change their passwords. I have the NPS server set to allow passwords to be changed but it is not prompting them.  Users have to then plug in using a LAN connection to change their passwords and then all is well.  That is a good work around except for the few users that have Microsoft Surfaces as they do NOT have a LAN port.  I really do not want the users to have to forget their wireless profile and reset them up.  Any other options? 

Do you have machine authentication configured as well? You need to allow Domain Computers to Authenticate so that the machine can have access to the LAN to allow the User to change their credentials.

I do not - How would I set that up ?

Hey, this should help :)

 

http://community.arubanetworks.com/t5/Controller-less-WLANs/Can-we-do-machine-authentication-in-Aruba-Instant/ta-p/181242

I have Machine Auth turned on for the SSID and enforcing Machine Auth with the Machine Auth only and the User Auth only set to the same SSID profile.  Wondering if that was correct or ?   We tried logging into a Domain PC with credentials from a user that hasnt logged into the PC before and we get a "The username and password is incorrect. Try agian" 

 

***I was able to get this to login now on a Windows 7 machine now and change the password.  However on the Microsoft surfaces with users that have never logged into the device before we are unable to get it to log in with the same error as above. 

Do those surface machines have a domain account? Or a wireless profile where you can set computer vs user logon?

Sent from my iPhone