Wireless Access

Frequent Contributor II
Posts: 134
Registered: ‎03-01-2013

host/####.domain.com username

I have an issue with a customer this morning where the username is being populated as "host/694TEA-CXDWD12.domain.com". The info after the slash seems to be the computer name but I haven't confirmed. This has happened intermittently in the past. This morning there were a lot of entries though.

It shows up under all the networks available that perform dot1x authentication. PSKs are not affected.

 

Anyone seen anything like this?

Guru Elite
Posts: 8,761
Registered: ‎09-08-2010

Re: host/####.domain.com username

Yes, this is normal behavior in a Windows AD-joined environment. The device is machine authenticating, meaning it is using the computer's account instead of the user's account to authenticate.

This happens at the login screen. If you do not want this to happen, you would need to configure the clients to use User only authentication, but beware that this will break new user domain login to the computer.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 134
Registered: ‎03-01-2013

Re: host/####.domain.com username

How can I stop it from happening?

The customer has firewall rules in place based on username and when the machine logs in, certain resources are unavailable.

Frequent Contributor II
Posts: 134
Registered: ‎03-01-2013

Re: host/####.domain.com username

Never mind, I just saw you already said how to solve it. lol

Guru Elite
Posts: 8,761
Registered: ‎09-08-2010

Re: host/####.domain.com username

You would need to configure the wireless profile via Group Policy to only User authenticate.

The best practice is to ensure that both user and computer authentication is enabled so that once the user logs in, the authentication switches to the User's credentials. It sounds like just Computer authentication is enabled.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 134
Registered: ‎03-01-2013

Re: host/####.domain.com username

From what I can see, both are enabled. The host/ logins aren't the only ones I see in the client list. There just seems to be more of them than normal.

Would something be stopping it from switching to the user's credentials?

Frequent Contributor II
Posts: 134
Registered: ‎03-01-2013

Re: host/####.domain.com username

Also, is there a way for me to clear these clients so they reauthenticate as the user?

Guru Elite
Posts: 8,761
Registered: ‎09-08-2010

Re: host/####.domain.com username

If the client isn't fully configured, the device can sometimes switch between computer only and user only. The best way to start troubleshooting this is to push down a group policy that hard sets all of the settings.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
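
One way to check whether a client's wireless profile has the authentication mode hard-set, added here as an example and not code from the posters or from Aruba: it reads the `authMode` element of a Windows WLAN profile XML, as written by `netsh wlan export profile`. The profile names and the minimal XML built by `sample_profile` are constructed for the demo.

```python
import xml.etree.ElementTree as ET

# XML namespaces of the Windows WLAN profile and its 802.1X (OneX) section.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1",
      "x": "http://www.microsoft.com/networking/OneX/v1"}

VERDICTS = {
    "machineOrUser": "computer auth at the login screen, user auth after logon",
    "machine": "computer only: the session keeps the host/<fqdn> username",
    "user": "user only: no computer auth at the login screen",
    "guest": "guest authentication",
}

def audit_profile(xml_text):
    """Return (profile_name, auth_mode, verdict) for one exported profile."""
    root = ET.fromstring(xml_text)
    name = root.findtext("w:name", default="?", namespaces=NS)
    use_onex = root.findtext(".//w:authEncryption/w:useOneX",
                             default="false", namespaces=NS)
    if use_onex.strip().lower() != "true":
        return name, None, "not 802.1X (for example PSK): not affected"
    mode = root.findtext(".//x:OneX/x:authMode", default=None, namespaces=NS)
    if mode is None:
        # 802.1X is on but the mode is left to the client: not hard-set.
        return name, None, "authMode not hard-set in this profile"
    mode = mode.strip()
    return name, mode, VERDICTS.get(mode, "unrecognised authMode value")

def sample_profile(name, onex=True, auth_mode=None):
    """Build a constructed, minimal profile for the demo (not a real export)."""
    mode = f"<authMode>{auth_mode}</authMode>" if auth_mode else ""
    onex_xml = f'<OneX xmlns="{NS["x"]}">{mode}</OneX>' if onex else ""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name><MSM><security>'
            f'<authEncryption><useOneX>{"true" if onex else "false"}</useOneX>'
            f'</authEncryption>{onex_xml}</security></MSM></WLANProfile>')

if __name__ == "__main__":
    demo = [sample_profile("corp-both", auth_mode="machineOrUser"),
            sample_profile("corp-machine", auth_mode="machine"),
            sample_profile("corp-unset"),
            sample_profile("guest-psk", onex=False)]
    for xml_text in demo:
        print(audit_profile(xml_text))
```
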
Guru Elite
Posts: 8,761
Registered: ‎09-08-2010

Re: host/####.domain.com username

aaa user delete mac <mac-address>

This will force the client to reauthenticate.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480