I am attempting to set up ClearPass for onboarding users with certs. I got it all working but ran into a slight issue I am not sure how to solve. I have onboard set up to provision the cert to both user and machine. When the user is logged in (as user@domain), everything works fine. But when the user logs out, the machine sends auth as host/user@domain and the authentication fails with an alert of EAP-TLS user unknown.
So I think my question is how to get cert-based machine auth working, if I can. Can I take the request in the format of host/user@domain and authenticate it based on a cert that was onboarded? The issue seems to be that the host/ is not stripped and is being used as the username. I am not super familiar with machine auth and have never done it with onboard and certs.
Ideally I would like to support both machine and user auth using certs, as long as I can do both auths via the onboard cert database. I assume since I have the machine cert I would not have to use AD in order to do the auth?