10-07-2014 07:07 AM
I have an issue with a customer this morning where the username is being populated as "host/694TEA-CXDWD12.domain.com". The info after the slash seems to be the computer name but I haven't confirmed. This has happened intermittently in the past. This morning there were a lot of entries though.
It shows up under all the networks available that perform dot1x authentication. psk's are not affected.
Anyone seen anything like this?
Solved! Go to Solution.
10-07-2014 07:08 AM - edited 10-07-2014 07:09 AM
Yes, this is normal behavior in a Windows AD-joined environment. The device is machine authenticating meaning it is using the computer's account instead of the user's account to authenticate.
This happens at the login screen. If you do not want this to happen, you would need to configure the clients to use User only authentication, but beware that this will break new user domain login to the computer.
10-07-2014 07:11 AM - edited 10-07-2014 07:12 AM
You would need to configure the wireless profile via Group Policy to only User authenticate.
The best practice is to ensure that both user and computer authentication is enabled so that once the user logs in, the authentication switches to the User's credentials. It sounds like just Computer authentication is enabled.
10-07-2014 07:16 AM
From what I can see both are enabled. the host/ logins aren't the only ones I see in the client list. There just seems to be more of them than normal.
Would something be stopping it from switching to the user's credentials?
10-07-2014 07:17 AM
If the client isn't fully configured, the device can sometimes switch between computer only and user only. The best way to start troubleshooting this is to push down a group policy that hard sets all of the settings.