09-18-2013 07:38 AM
I am currently working at a customer site where we are deploying the whole kitchen sink when it comes to Clearpass 6.2.1. I have successfully tested and configured the OnGuard persistent agent to work when a user enters their AD credentials. CPPM will then do a CoA for a Cisco wired port and a CoA for an Aruba AP - all as expected.
The one thing that I've come up against is how to tie the OnGuard posture status to a machine authenticated device? The laptop comes up using the "host\sjklafj" format in the Access Tracker and the OnGuard webauth information is tied to the username. It just doesn't appear that the information for the user and the machine authenticated device are linked together.
It may be that the best way to do this is to disable Machine Authentication across the board and simply use User Authentication for the the Windows devices when it comes to Posture assessment.
I'm definitely curious as to some best practices in this area - thanks!