I am trying to setup machine authentication on clearpass for an 802.1x wireless ssid. This will be EAP-TLS. I am having trouble understanding exactly how a device gets the [machine authenticated] role. I have searched and searched and everyone says stuff like.
"Domain machines attempt machine authentication with a username of host/<machine fqdn>. If clearpass sees a device pass authentication with that username it assumes it is a domain machine that has authenticated"
But it doesn't really answer the question. My service is not working and the alert says both "user not found" for ad and "unknown user" for EAP-TLS.
I am trying to figure out exactly what radius attribute is matched to what active directory attribute for machine authentication? So I can figure out why the user is not found.
is "Radius:IETF:User-Name" match to "AD dNSHostName" and if it matches a user is found? Since it is EAP-TLS i assume the user just has to be found in ad as there is no password.
I have searched and searched and just can not seem to find the answer anywhere.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.