Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎09-16-2014

What am i missing? I want User + Computer authentication, NEED HELP

i thought what i have ended up setting up would be simple.

 

I wanted AD user + computer account authentication.

User auth is easy but i just cannot get the computer auth to work right.

 

All i want is it to check IF the computer account exists in AD + the user authentication and its just not working.

 

What should i do to set that up??

 

I thought setting AD member of a group in the AD auth would do it but that didn't work and still allowed people to login no matter if the computer/phone was in AD or not.

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: What am i missing? I want User + Computer authentication, NEED HELP

Are your clients configured for both Computer and User authentication? Do you have a rule in your enforcement that checks for both [User Authenticated] and [Machine Authenticated] TIPS roles?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 16
Registered: ‎09-16-2014

Re: What am i missing? I want User + Computer authentication, NEED HELP

[ Edited ]

What do i need to do for the clients to be configured for both authentication styles?

 

I am following an example for the tips checks.

 

Can this be done with just the integrated IAP controller and we can just bypass clearpass?

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: What am i missing? I want User + Computer authentication, NEED HELP

It is recommended to do it via Group Policy.

 

If you want to do it manually, you would configure it in your wireless network connection profile under Advanced.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 16
Registered: ‎09-16-2014

Re: What am i missing? I want User + Computer authentication, NEED HELP

i am going to ask this simply.

 

What do you recommend being the quickest way to do something similar to what i am looking for?

just checking against a AD account and IF the computer account exists in ad.

 

I was hoping i wouldn't have to configure wireless profiles as the laptops in the company are all different models/ages

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: What am i missing? I want User + Computer authentication, NEED HELP

If you want to do computer based authentication, you'll have to configure the clients. Using group policy makes this very easy to do.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: