Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

802.1x authentication with both machine and user certificate. (first logon with new user).

This thread has been viewed 1 times

  • 1.  802.1x authentication with both machine and user certificate. (first logon with new user).

    Posted Apr 21, 2016 03:00 AM

    Hi, we are implementing a new WLAN with one of our customers with two Aruba 7200 controllers and Clearpass with the latest versions. We are using Microsoft AD to authenticated the users. The certificates are also coming from Microsoft PKI. The costumer has a mix of Windows 7 and WIN8.1 but will be rolling out Win10 later this year.

    The costumer wants to use 802.1x authentication with both machine and user certificates. This works very well, until…. a new user shall use the PC. Then the user have to connect the PC to a switch-port the first time to be able to download the user certificate. I know that this have been a problem to make this work for some years ago, but is it still a problem?

    PS:The costumer will go 100% wireless when they roll out the new Aruba WLAN and do not want switchports on the offices except for printers and so one.  

     

    Anyone who have make this work, comments?



  • 2.  RE: 802.1x authentication with both machine and user certificate. (first logon with new user).
    Best Answer

    EMPLOYEE
    Posted Apr 21, 2016 07:52 AM
    This is not possible. There is a race condition in Windows. I would use PEAP instead.


  • 3.  RE: 802.1x authentication with both machine and user certificate. (first logon with new user).

    Posted Apr 22, 2016 04:45 AM

    Thank you for the answer Tim. That's what was what I was afride off.

     

    Tom C.