rchahboune
If you select the "User or Machine authentication" this will be the login process for AD machines when configured as suggested above:
Windows boots into windows = "Machine Authenticated"
User then successfully logs in with his AD username/password = State moves to "User Authenticated"
With "Enforce Machine Authentication" on the Aruba Controller you will then land in the 802.1x default role for the AAA profile.
If just one of the authentications is successful, the role according to the .1x will trigger.
Check out page 251-253 of 6.4 User Guide.