Security

i thought what i have ended up setting up would be simple.

 

I wanted AD user + computer account authentication.

User auth is easy but i just cannot get the computer auth to work right.

 

All i want is it to check IF the computer account exists in AD + the user authentication and its just not working.

 

What should i do to set that up??

 

I thought setting AD member of a group in the AD auth would do it but that didn't work and still allowed people to login no matter if the computer/phone was in AD or not.

Are your clients configured for both Computer and User authentication? Do you have a rule in your enforcement that checks for both [User Authenticated] and [Machine Authenticated] TIPS roles?

What do i need to do for the clients to be configured for both authentication styles?

 

I am following an example for the tips checks.

 

Can this be done with just the integrated IAP controller and we can just bypass clearpass?

It is recommended to do it via Group Policy.

 

If you want to do it manually, you would configure it in your wireless network connection profile under Advanced.

i am going to ask this simply.

 

What do you recommend being the quickest way to do something similar to what i am looking for?

just checking against a AD account and IF the computer account exists in ad.

 

I was hoping i wouldn't have to configure wireless profiles as the laptops in the company are all different models/ages

If you want to do computer based authentication, you'll have to configure the clients. Using group policy makes this very easy to do.


Thanks,
Tim