Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Machine Authenticate issue.

Dear everybody,

I have configured CP to integrate with an HP 2530-24G switch for authentication and I have run into this issue:

CP has joined the domain, the HP switch has been configured for port-access authentication, and everything works, but when I configure machine authentication with the guide from this community, this issue happens:

- If the laptop has not joined the domain, CP does not show Machine Authenticated. Of course.

- If the laptop has joined the domain, CP will always show Machine Authenticated, even when I log in to the laptop as a local user.

I want to create a policy to block users from accessing the network if they do not log in with their domain user, but it will not work if CP always shows Machine Authenticated.

Could anybody help me with this issue?

Thanks.

 
MVP
Posts: 4,015
Registered: ‎07-20-2011

Re: Machine Authenticate issue.

What you need to do is send a GPO with the wireless profile, setting the Authentication mode to "user or computer" and to "Automatically use my Windows logon name and password".

https://msdn.microsoft.com/en-us/library/dd759176(v=ws.11).aspx

This should help you with that issue.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: Machine Authenticate issue.

If a mac address has machine authenticated, by default the result is cached for 24 hours.  The parameter that controls that behavior is under Administration> Server Manager> Server Configuration> Click on Server> Service Parameters> Select Policy Server Service:

machine-auth.png

Alternatively, you can clear the machine authentication cache manually by clicking on Administration> Server Manager> Server Configuration> Clear Machine Authentication Cache:

cache2.png

 

The reason the cache is in place is because machine authentication only happens when the machine is sitting at the ctrl-alt-delete screen, either because it just rebooted, or because someone logged out. Many people do not log out of their computers, however, and just lock them. When they wake their computers up, machine authentication does not take place, so CPPM will think that it is not a domain machine. The machine authentication cache stores the previous authentication and renews it every time there is a successful authentication, so that the user does not have to reboot or log out of their machine to demonstrate that this is a domain machine. I hope this helped.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
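
The caching behaviour described in the post above, as a simplified Python model (an added example, not ClearPass code and not part of the original posts). The class, function and profile names and the sample events are constructed; only the 24-hour default and the two role names come from the thread.

```python
from dataclasses import dataclass, field

CACHE_TTL_HOURS = 24  # default cache lifetime stated in the thread
MACHINE, USER = "[Machine Authenticated]", "[User Authenticated]"

@dataclass
class MachineAuthCache:
    ttl: float = CACHE_TTL_HOURS
    entries: dict = field(default_factory=dict)  # MAC -> hour of last renewal

    def is_cached(self, mac, now):
        seen = self.entries.get(mac)
        return seen is not None and now - seen < self.ttl

    def roles_for(self, mac, kind, now):
        """Roles attached to one successful authentication at hour `now`."""
        roles = set()
        if kind == "machine":             # seen at the ctrl-alt-delete screen
            self.entries[mac] = now
            roles.add(MACHINE)
        elif kind == "user":
            roles.add(USER)
            if self.is_cached(mac, now):  # earlier machine auth still remembered
                self.entries[mac] = now   # each success renews the entry
                roles.add(MACHINE)
        return roles

    def clear(self):                      # models "Clear Machine Authentication Cache"
        self.entries.clear()

def enforce(roles):
    # Hypothetical profile names: full access needs both roles.
    return "full-access" if {MACHINE, USER} <= roles else "restricted"

def replay(events, cache=None):
    cache = MachineAuthCache() if cache is None else cache
    return [enforce(cache.roles_for(mac, kind, now)) for now, mac, kind in events]

# Constructed sample events: (hour, MAC, kind of successful authentication)
DOMAIN_PC, OTHER_PC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SAMPLE_EVENTS = [
    (0, DOMAIN_PC, "machine"),  # boot to logon screen
    (1, DOMAIN_PC, "user"),     # domain user logs in
    (2, OTHER_PC, "user"),      # machine that never machine-authenticated
    (20, DOMAIN_PC, "user"),    # unlock, no new machine auth
    (43, DOMAIN_PC, "user"),    # 23 h after the last renewal
    (70, DOMAIN_PC, "user"),    # 27 h after the last renewal: expired
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

In this model the role follows the MAC address rather than the current session, which is why a machine can keep the machine-authenticated role between reboots until the entry expires or the cache is cleared.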
Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Re: Machine Authenticate issue.

Dear C

 

 

Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: Machine Authenticate issue.

You should be looking in the Access Tracker, under the Summary Tab.  Under "Roles", it should say [Machine Authenticated] and [User Authenticated].  Please post a screenshot of both access tracker messages.

 

Colin Joseph
Aruba Customer Engineering

Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Re: Machine Authenticate issue.

Dear Cjoseph,

 

Please kindly check the image below.

1.PNG

2.PNG

3.PNG

 

Here is the configuration for HP Wire with Onguard and Guest service:

4.PNG

5.PNG

6.PNG

Thank you.

 

 

Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Re: Machine Authenticate issue.

Dear Cjoseph,

 

Please kindly check the images below:

1.PNG2.PNG3.PNG

 

Here is the configuration on ClearPass: 4.PNG 5.PNG 6.PNG

Thank you.

Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Re: Machine Authenticate issue.

Dear Cjoseph,

 

I uploaded the images and received the email from Airheads that I earned the badge for uploading pictures, but when I refresh to check, it does not show my post. So I uploaded them to my OneDrive; please kindly check the links below:

Link 1

Link 2

Link 3

Below is the image for configuration of CP

Link 4

Link 5

Link 6

Thank you.

Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: Machine Authenticate issue.

Do you also have Onguard Installed?

It says that System Posture Status is Infected.

Colin Joseph
Aruba Customer Engineering

Occasional Contributor I
Posts: 8
Registered: ‎08-25-2016

Re: Machine Authenticate issue.

Dear Cjoseph,

 

Yes, I have Onguard installed.

I just disabled the Onguard service and retested. It still shows machine authenticated when the PC boots to the logon screen and does not show machine authenticated when I log in with a domain account, as in the images that I posted in the last reply.

Do you have any advice?

 

Thank you.
