03-18-2015 04:15 AM
I suspect this is a windows issue rather than Clearpass, but I'm getting really frustrated with it so hope someone can help.
The machines have a user cert and a machine cert installed. I'd like to do an auth with the machine cert and the user cert. This would get round the problem with users having to log out (or even reboot) whenever the [machine authenticated] role times out. I've upped the machine auth cache to the max it can be but this is a security risk and still means that occasionally, users will need to log out or reboot to do the machine auth.
Any ideas or ways I can authenticate both machine and user in one hit?
Solved! Go to Solution.
03-18-2015 04:53 AM
03-18-2015 04:56 AM
Thats really spooky, I was just reading a tweet about the new sensors from you when my email popped up saying you had replied to this.
Anyway, can you point me towards the tutorial?
03-18-2015 05:05 AM
Here you go:
03-18-2015 05:16 AM
Hmmm....that just seems to be a way of caching the machine auth, which happens anyway. It still leaves us open to a security issue in that a machine could still auth after its been removed from AD.
What would be really nice is if windows could do a machine auth whenever it does a user auth.
03-18-2015 10:06 PM
Why not just deploy a machine-only certificate to the devices so that they are always connected. When you configure the WLAN, just use machine-only credentials so that the machine only uses the machine certificate to authenticate to the WLAN. The user will still have to authenticate to windows to get into the machine, run the login script, but the machine will handle the WLAN authentication part, which makes things more stable. You would then have a machine authorized to be on the WLAN with a certificate that cannot be faked, along with an authorized user logging into a Windows machine with Valid Credentials. No machine authentication status caching needed....
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base