New Contributor

NPS policy question. Require user to be on domain computer.

Is it possible to create a RADIUS rule that requires a user to be in a security group and be using a domain-joined computer?

I created a policy that contains the security group the user is in and I added the computer group "Domain Computers", but this does not work. Security logs show the user is not matching any network policies.

My WiFi policy on the client machine is set to use user or computer authentication. I am running an Aruba 3400, Windows 2K8 R2 NPS.

 

Thanks

Wayne B. 

Guru Elite

Re: NPS policy question. Require user to be on domain computer.

It is not possible in NPS. The problem is NPS only acts on the current authentication (user) and not the status of the device that the user is authenticating from (Is this device part of the domain or has it authenticated as a machine in the past?). Other RADIUS platforms like ClearPass Policy Manager allow you to do this.

 

As an alternative, you can use "Enforce Machine Authentication" on the controller to solve part of your issue:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-801



Colin Joseph
Aruba Customer Engineering
