02-03-2013 08:09 AM
Is it possible to create a RADIUS rule that requires a user to be in a security group and be using a domain-joined computer?
I created a policy that contains the security group the user is in and I added the computer group "Domain Computers", but this does not work. Security logs show the user is not matching any network policies.
My WiFi policy on the client machine is set to use user or computer authentication. I am running an Aruba 3400, Windows 2K8 R2 NPS.
02-03-2013 08:23 AM
It is not possible in NPS. The problem is NPS only acts on the current authentication (user) and not the status of the device that the user is authenticating from (Is this device part of the domain or has it authenticated as a machine in the past?). Other RADIUS platforms like ClearPass Policy Manager allow you to do this.
As an alternative, you can use "Enforce Machine Authentication" on the controller to solve part of your issue: https://arubanetworkskb.secure.force.com/pkb/artic
Aruba Customer Engineering