Occasional Contributor II
Posts: 17
Registered: ‎08-21-2012

Best Practice for 2 factor authentication

What is the best practice for doing two-factor authentication using a certificate and an Active Directory user id/password?

Posts: 3,009
Registered: ‎10-25-2011

Re: Best Practice for 2 factor authentication

As far i know you cannot do that  or you do EAP PEAP = user + password or you use EAP TLS = User Certificate.


You can do 2 factor authentication by doing EAP PEAP + Enforce machine  OR EAP TLS + Enforce Machine.


The enforce machine will check if the laptop or tablet is in the Active directory group you select(this works perfectly when you got all windows machines)


Hopes it helps





Product Manager - Aruba Networks
Alternetworks Corp
Frequent Contributor II
Posts: 128
Registered: ‎03-13-2008

Re: Best Practice for 2 factor authentication

Machine auth is only authenicated once every 24 hours aginest AD. After the one machine auth happens for the next 24 hours it's using mac auth (mac cache). As the user logs in the username/password is passed to the auth server (Radius/ldap) and then the users is authenicated. 



David Dipert
Search Airheads
Showing results for 
Search instead for 
Did you mean: