OK for information I did a test, machine auth not enforced.
Domain machine connecting to the 802.1x wireless network, it authenticated by machine. but only says 802.1x as the auth type.
Non-domain machine connecting to the 802.1x network, it prompted for user auth, again shows 802.1x as the auth type.
then enable machine auth on the aaa profile
domain machine connecting to the 802.1x wireless network, it authenticated by machine. but says 802.1x-machine as the auth type.
Non-domain machine connecting to the 802.1x network, it prompted for user auth, again shows 802.1x-user as the auth type.
OK so that looks fine, but how would you, for instance, have it so the machine connects via machine auth, then you get the Windows GINA and the user logs in, and the connections flips over to be user auth so individual radius attributes can be used to assign a particular role?
Cheers
Dave