08-23-2016 01:30 PM
We've been using 802.1x wired auth for some time, with user authentication only - certs and settings issued by Onboard
Our wired ports have MAC authentication bypass, so when a BYOD machine connects, at logon screen it gets dumped into the guest VLAN.
For some reason, when the user actually logs in, re-authentiction doesn't seem to occur so the user stays in the guest VLAN.
I noticed there is a 'machine and user' auth setting in the Network Settings -> Authentication page in the Onboard configuration.
I've enabled this, and the cert is pushed to the local computer certificate store, however the computer tries to authenticate using 'host\<Firstname> >Lastname>, rather than UPN (like user auth).
This causes auth to fail.
I can't seem to find where I can change the username, or allow these sorts of authentication attempts?
08-23-2016 01:33 PM
Who is issuing each certificate?
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
08-23-2016 01:37 PM
We use ADCS to issue the certs, the setting below just copies the cert into the Computer store as well, and changes the authentication settings to 'User or Computer' authentication.
Is there a way to get the AD auth source to ignore the 'host' and just lookup the user?
What is the proper way of getting things working with the above setting?