Wireless Access

Reply
Occasional Contributor II

Machine authentication for windows

Hi all,

 

We were configuring a few user laptops for user and machine authentication . User's laptop does not seem to do machine authention after rebooting a few times. As user laptop did not have the machine authenticated role, they were not allowed access to the wireless network. Anyone encountered a similar issue before? We are using clearpass as the radius for the controller.

 

Thanks.

 

Regards,

Victor

Guru Elite

Re: Machine authentication for windows

User and machine authentication are both enabled in the Windows 1X configuration?

 

In Access Tracker, are you only seeing [User Authenticated] at that time?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Machine authentication for windows

Have you looked at the machine auth cache time ?

2014-10-03 14_02_33-ClearPass Policy Manager - Aruba Networks.png

 

2014-10-03 14_03_48-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Machine authentication for windows

Hi Tim and Victor,

Thanks for the reply.

I had enabled user or machine auth in the windows dot1x. I did not check the cache timer but doesn't windows do a machine auth each time it reboots?


Guru Elite

Re: Machine authentication for windows

Yes, it should machine auth every time it reboots and also when you log out. The cache timer is set to 24 hours by default, so there is likely no issue there.

 

In access tracker, are you seeing the request with just a [User Authenticated] role?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Machine authentication for windows

Hi Tim,

Yes. I saw the [user authenticated] role but not the [machine authenticated] role.

In access tracker I dun see the machine authentication request. I am assuming no machine authentication requested by the laptop since there pointis no request with the laptop host name. When a machine authentication is attempted, I will see the hostname of the machine as the username. I dun see it at times for certain machine when i reboot (though those machine has successfully authentication as a machine before). That is puzzling to me.

Thanks

Regards,
Victor

Re: Machine authentication for windows

so even at  a reboot you don't see a machine auth request on the ClearPass?

 

i would check your windows settings then, it might be turned off somehow?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: