Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Check machine domain membership + user authentication

  • 1.  Check machine domain membership + user authentication

    Posted Jun 16, 2016 02:56 AM

    Dear Members,

    We are just wondering how we can let the users connect to the corporate wifi network more securely.
    Unfortunately our customer is not capable of using certificates, but we definitely want to control the connecting machines and users as well.
    We've read posts, this one looks promising (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580), but that's not exactly what we are looking for.

    We'd like to check if a machine is part of a domain + the connecting user is providing the right credentials. After both are correct, we'd like to grant access to the corporate wifi network. We want to give an IP only after the successful login and machine check. If one of the conditions is false, then we'd like to block the connection.

    Could you help us with how to set up our customer's ClearPass?
    Thank you for your help in advance.

    Best regards,



  • 2.  RE: Check machine domain membership + user authentication

    EMPLOYEE
    Posted Jun 16, 2016 03:18 AM
    If the device passes machine authentication, it is a member of the domain. You can simply use the [Machine Authenticated] TIPS role in your enforcement policy.


  • 3.  RE: Check machine domain membership + user authentication

    Posted Jun 16, 2016 07:15 AM

    Hi cappalli,

    Thank you for your prompt answer. We tried to use [Machine Authenticated] TIPS role in our enforcement policy, but we got the default DENY profile back. We did exactly what this link said:

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580

    In my own lab when I used only the Machine authentication, it was ok. If I used both machine and user authentication, it failed.

    What could be the reason?

    Thank you



  • 4.  RE: Check machine domain membership + user authentication

    EMPLOYEE
    Posted Jun 16, 2016 07:36 AM
    Please post some screenshots of the access tracker requests (all tabs) and your enforcement policy.


  • 5.  RE: Check machine domain membership + user authentication

    Posted Jun 16, 2016 08:17 AM

    Hi cappalli,

    I can't post these screenshots, because they contain sensitive information. Is it possible to send them directly to you?