Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboarded device has no access when different user logged in

  • 1.  Onboarded device has no access when different user logged in

    Posted Sep 08, 2015 02:15 AM

    Hi All,

    I've recently set up onboarding for a new client. They are a small organisation and require secure TLS authentication for various domain and non-domain connected devices. I have configured Onboard for this purpose and all devices appear to have onboarded correctly without issues. Today I found out about a problem where a different AD user has logged into one of the onboarded devices. Once connected, the Wi-Fi will not connect.

     

    My current configuration for Onboard Windows authentication (Onboard » Configuration » Network Settings » Enterprise Authentication » Windows Authentication) is "machine and user". Will changing this to "machine" fix the problem that I'm currently facing?

     

    Thanks for your help!

     

    Richard



  • 2.  RE: Onboarded device has no access when different user logged in

    EMPLOYEE
    Posted Sep 08, 2015 06:51 AM

    Using "Machine" will fix that condition.  You will have to delete the first certificate and wireless configuration from the machine and re-onboard it. 

     

    EDIT FOR MORE CLARIFICATION: When you use "Machine or User", a machine certificate and a user certificate (only for that user) are deployed to the machine, but the second user who attempts to log in does not have a user certificate, so they cannot connect to the wireless. The only purpose for user and machine is if you only want a single user to be able to log in, but you still want the machine to be connected and be able to be managed at the ctrl-alt-delete screen.

     

    If you need ALL users to log in, use machine only so that only a machine certificate is deployed, but all users will be able to use that certificate to connect to the wireless. They will still have to log in to the machine with their AD credentials to gain access to anything. When a user logs off, the machine can still be connected to the wireless and manageable at the ctrl-alt-delete screen. This is the best setup for a multi-user environment.