02-07-2013 04:19 PM
As far i know you cannot do that or you do EAP PEAP = user + password or you use EAP TLS = User Certificate.
You can do 2 factor authentication by doing EAP PEAP + Enforce machine OR EAP TLS + Enforce Machine.
The enforce machine will check if the laptop or tablet is in the Active directory group you select(this works perfectly when you got all windows machines)
Hopes it helps
Product Manager - Aruba Networks
02-22-2013 10:02 AM
Machine auth is only authenicated once every 24 hours aginest AD. After the one machine auth happens for the next 24 hours it's using mac auth (mac cache). As the user logs in the username/password is passed to the auth server (Radius/ldap) and then the users is authenicated.