hi ,
I have configured a service using template : " Aruba 802.1X Wireless" on ClearPass 6.5.1 .
I have configured a RADIUS Proxy server for CheckPoint to allow the ChecPoint Identity awarness , and in the enforcement policies have configured this rule :
(Tips : Role EQUALS [ Authenticated User ] )
AND (Tips : Role EQUALS [ Machine Authenticated ] )
Because i need to verify :
- User is an Active Directory users
- Machine is a machine reconized by the Active Directory server ( so not a personal device)
This type of configuration works fine in other environment , in this specific where the only difference is radius proxy , the enforcement policy not works and ALL devices have access .
Other issue that i have encountered is that the cleint request have like username the email: "name.surname@company.com"
I think is due to windows OS, and the authentication fails.
if i force the username in this form "name.surname" all works.
any idea?
thanks in advance