I am looking at using machine certs that are already deployed in an environment, for machine authentication. Users do not have certs, just computers, and so we were wanting to have users authenticate with their AD U+P credentials.
The machine-auth role is only for basic access on the corporate network. User credentials should give them their more full user role: e.g. IT Admins get FTP and SSH while Sales doesn't.
When the wireless profile is pushed down from GPO, it is selecting to use the user cert. Is there a way to do what I am looking for, or a recommendation for how to deploy in this environment?