Security

Reply
Frequent Contributor II
Posts: 166
Registered: ‎04-17-2013

Mac book user+machine auth/ user+mac auth

HI,

 

I am using User + Machine auth. for windows user and that is woring fine (SSID : Employee). Using self signed certificate.

Now i have Mac book and they are the part of windows domain. 

 

Can i use same SSID & enforcement policy for Mac Book? or if i add one more rule in the same enforcement policy --> User + mac auth.(static host list)

EM service.jpg

If not please suggest alternate more secure solution.

 

Thanks in advance...

 

 

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Mac book user+machine auth/ user+mac auth

Yes, you can but it's a much more complex authentication as Macs do not natively perform machine authentication. 

How are you managing your Macs? Profile manager or an MDM? 



Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 166
Registered: ‎04-17-2013

Re: Mac book user+machine auth/ user+mac auth

Thanks for quick reply....

 

for system mac, i will use CPPM static host list.

 

Regards,

Nik..

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Mac book user+machine auth/ user+mac auth

You can only use MAC address as an authorization. The device still needs a machine credential to authenticate. 

How are you managing the devices? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 166
Registered: ‎04-17-2013

Re: Mac book user+machine auth/ user+mac auth

I will use windows AD for Mac book authentication.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Mac book user+machine auth/ user+mac auth

How are you managing your devices? You need to be able to push a network profile down (or manually install on every single device) 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 166
Registered: ‎04-17-2013

Re: Mac book user+machine auth/ user+mac auth

Enforcement profile policy will push  vlan info to authenticated + authorize users.

Please correct if i wrong..

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Mac book user+machine auth/ user+mac auth

You need a custom configuration profile installed on the devices to be able to do Machine + User authentication. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 166
Registered: ‎04-17-2013

Re: Mac book user+machine auth/ user+mac auth

i can't do that on all mac book. Is there any alternate authentication method i can use instead of machine authentication?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Mac book user+machine auth/ user+mac auth

You're not managing the devices? 

User authentication with MAC address authorization or Onboard would be the alternatives. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: