Security

Reply
Occasional Contributor II
Posts: 10
Registered: ‎01-29-2013

Supplemental Machine Authentication Failure

Hello,

 

When we implemented our Aruba Network back in 2012 we put in a RADIUS server and began doing 802.1x auth with all capable clients. Since day one, we had issues with domain-joined machines and Machine Authentication. We setup roles where if a device passes machine and user auth, they get full access to our LAN but if they fail machine auth, they are placed in a BYOD role. Various laptops would start out in the full access role but randomly (while in use) move to the BYOD role causing users applications to freeze. We tried everything and eventually settled on issue with the chipsets in the laptops being the issue and turned off machine authentication.

 

Now, after removing all these devices and replacing them with new ones, upon turning machine authentication back on we are having the same issue. Has anyone run into a similar situation and how was it resolved?

 

Thanks,

 

Daniel

Guru Elite
Posts: 21,288
Registered: ‎03-29-2007

Re: Supplemental Machine Authentication Failure

Which radius server is this?  What rules are you using on the radius server and what attributes are you sending back to differentiate between BYOD and machine authenticated?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,648
Registered: ‎09-08-2010

Re: Supplemental Machine Authentication Failure

Try increasing the machine authentication cache time.


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 10
Registered: ‎01-29-2013

Re: Supplemental Machine Authentication Failure

This is a Windows-based RADIUS server.

 

I will try increase the machine authentication cache time and see if that makes a difference.

 

Thanks,

Daniel

Search Airheads
Showing results for 
Search instead for 
Did you mean: