Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Machine Authentication with Instant 105

This thread has been viewed 0 times

  • 1.  Machine Authentication with Instant 105

    Posted Aug 31, 2012 07:39 PM

    We have a 2008 NPS server set up with rules for 2 groups in AD , one for machines and one for users, both get certificates.

    The 105 Instant and Radius for user authentication works flawlesly. The instructions to set up machine authentication show drop down boxes after you check Enable Machine Authentication. I don't  see those boxes after marking the initial check in the box. How do I get this working? Firmware = 6.1.3.1-3.0.0.1_33617



  • 2.  RE: Machine Authentication with Instant 105

    EMPLOYEE
    Posted Aug 31, 2012 09:49 PM

    You always do authentication on the NPS server.  The decision about what to do when a machine authenticates vs. a user is done on the IAP.  If you check the "Enforce Machine Authentication" box, a device that only passes user authentication will get the user authentication only role.  A device that only passes machine authentication gets the machine auth only role.  A device that passes both gets the default role.

     

    Untitled 2.png



  • 3.  RE: Machine Authentication with Instant 105

    Posted Jul 10, 2013 11:48 PM

    Hello,

     

    Can you help me explain brief.

     

    After check Enforce machine authentication, which one do i choose for machine auth only box and user auth only box.

     

     

    Apprecite your earliest reply.

     

     

    Regards,

    May



  • 4.  RE: Machine Authentication with Instant 105

    Posted Jul 16, 2013 05:49 PM

    I suppose that is pretty clearly described in Instant UG:

     

    Enforce Machine Authentication— You can assign different rights to clients based on whether their
    hardware device supports machine authentication. Machine Authentication is only supported on
    Windows devices, so this can be used to distinguish between Windows devices and other devices such
    as iPads.

    •  Machine Auth only role - This indicates a Windows machine with no user logged in. The device supports machine authentication and has a valid RADIUS account, but a user has not yet logged in and authenticated.
    • User Auth only role - This indicates a known user or a non-Windows device. The device does not support machine auth or does not have a RADIUS account, but the user is logged in and authenticates.

    When a device does both Machine and User authentication, the user gets the default role or the derived role based on the RADIUS attribute.


    To configure Machine Authentication, do the following:
    1. In the Roles window, create a role for Machine auth only and User auth only.
    2. Configure Access Rules for these roles by selecting the role, and applying the rule.
    3. Select Enforce Machine Authentication and specify these two roles.
    4. Click Finish to apply these changes.

     

    HTH