Hi guys
I have been doing 802.1x with both machine and user authentication for a while.
Usually we push an internal certificate to domains computers along with SSID setup, this works quite well.
One problem i see on a regular basis is that idle computers or computers that has been hibernated loose their machine authentication.
This is resolved by logging of the user and back on again or a reboot.
Is there a way to keep the machine in the cache? I know there is a user idle timeout on each AAA profile, but i'm not sure if this can achieve what i'm looking for. When a user is idle past this timer, it will we removed anyway.
Can this problem be solved by using ClearPass as a authentication proxy towards a domain controller and add a MAC cache to prevent the machines from being removed from the cache?
Roar