Wireless Access

Reply
Occasional Contributor I

802.1x authentication with both machine and user certificate. (first logon with new user).

Hi, we are implementing a new WLAN with one of our customers with two Aruba 7200 controllers and Clearpass with the latest versions. We are using Microsoft AD to authenticated the users. The certificates are also coming from Microsoft PKI. The costumer has a mix of Windows 7 and WIN8.1 but will be rolling out Win10 later this year.

The costumer wants to use 802.1x authentication with both machine and user certificates. This works very well, until…. a new user shall use the PC. Then the user have to connect the PC to a switch-port the first time to be able to download the user certificate. I know that this have been a problem to make this work for some years ago, but is it still a problem?

PS:The costumer will go 100% wireless when they roll out the new Aruba WLAN and do not want switchports on the offices except for printers and so one.  

 

Anyone who have make this work, comments?

Guru Elite

Re: 802.1x authentication with both machine and user certificate. (first logon with new user).

This is not possible. There is a race condition in Windows. I would use PEAP instead.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: 802.1x authentication with both machine and user certificate. (first logon with new user).

Thank you for the answer Tim. That's what was what I was afride off.

 

Tom C.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: