Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Check machine domain membership + user authentication

Dear Members,

We are just wondering how we can let the users connect to the corporate Wi-Fi network more securely.
Unfortunately, our customer is not capable of using certificates, but we definitely want to control the connecting machines and users as well.
We've read posts, and this one looks promising (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580), but that's not exactly what we are looking for.

We'd like to check that a machine is part of a domain and that the connecting user is providing the right credentials. After both are correct, we'd like to grant access to the corporate Wi-Fi network. We want to give an IP only after the successful login and machine check. If one of the conditions is false, then we'd like to block the connection.

Could you help us with how to set up our customer's ClearPass?
Thank you for your help in advance.

Best regards,

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: Check machine domain membership + user authentication

If the device passes machine authentication, it is a member of the domain. You can simply use the [Machine Authenticated] TIpS role in your enforcement policy.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: Check machine domain membership + user authentication

Hi cappalli,

Thank you for your prompt answer. We tried to use the [Machine Authenticated] TIPS role in our enforcement policy, but we got the default DENY profile back. We did exactly what this link said:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580

In my own lab, when I used only machine authentication, it was OK. If I used both machine and user authentication, it failed.

What could be the reason?

Thank you

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: Check machine domain membership + user authentication

Please post some screenshots of the access tracker requests (all tabs) and your enforcement policy.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: Check machine domain membership + user authentication

Hi cappalli,

I can't post these screenshots, because they contain sensitive information. Is it possible to send them directly to you?