Hello Everyone,
In my environment we are about 98% Apple devices, which is causing a big headache to make sure we configure them properly. So far I have been able to implement an Apple device profile that contains the SSID and the information on how to get an Active Directory certificate to do a TLS connection. So far this option works to make the Apple devices connect to the SSID and always have a network connection, even while sitting at the login screen. Also, it is required to determine via credentials and Active Directory (approve/deny) to provide the right Tips Role, such as Staff vs. Student. With TLS, so far I have not been able to figure out how to make the computer send the client credentials over to ClearPass to provide the appropriate rights.
The current Apple device profile is configured as System; if we install another Apple profile as Login Window, because it contains the same SSID, both profiles start to conflict with each other. Have you guys been able to implement TLS as "machine authentication" plus user authentication on Apple devices?
Currently the SSID is configured as 802.1x with Active Directory as an authorization source.
My other question is: if I configure ClearPass to be integrated with our MDM solution (FileWave) and receive the whole device database, is it possible to do MAC address authentication for the devices that are owned by the company, and if they are not company owned, then continue with the regular process of 802.1x?
I know I mentioned this before, but please keep in mind that it is important to have both the machine authentication and the user authentication so we can properly provide the right access, as well as being able to have ClearPass send the username to our firewall (Palo Alto).
Thanks to everyone in advance.