06-15-2016 11:56 PM
We just wondering how we let the users connect to the corporate wifi network more secure.
Unfortunately our customer is not capable of using certificates, but we definitely want to control the connecting machines and users as well.
We've read posts, this one looks promising (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580), but that's not exactly we are looking for.
We'd like to check if a machine is a part of a domain+ the connecting user is providing the right credentials. After both are correct, we'd like to grant access to the corporate wifi network. We want to give IP only after the successful login and machine check. If one of the condition is false, than we'd like to block the connection.
Could you help us, how to set up our customer's ClearPass?
Thank you for your help in advance.
06-16-2016 12:18 AM
06-16-2016 04:14 AM
Thank you for your prompt answer. We tried to use [Machine Authenticated] TIPS role in our enforcement policy, but we got the default DENY profile back. We did exactly what this link said:
In my own lab when I used only the Machine authentication, it was ok. If I used both machine and user authentication, it failed.
What could be the reason?
06-16-2016 04:35 AM