User authentication only occurs at the time a user actually logs in. Machine authentication occurs at the Ctrl-Alt-Delete screen. If the user logs off, that could trigger machine authentication.
Most secure environments eventually settle on EAP-TLS with machine-only authentication, since the computer itself will enforce user authentication. The machine will also have access to the network at the Ctrl-Alt-Delete screen to be remotely updated and for group policy updates.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Jan 25, 2022 10:12 PM
From: ali amjad
Subject: Enforcing both User and Machine auth with ClearPass
Hello,
We are trying to enforce both user and machine authentication on Windows 10 PCs. We have an Active Directory controller and ClearPass 6.8.
On the Windows 10 PC, the 802.1X setting I choose is "User or Computer Authentication".
I was hoping that once the computer is authenticated against the AD (we have an authentication source as our AD), the user authentication will kick in on the client PC, but it doesn't.
The computer authentication goes through fine, but what should I do to make sure the PC starts user authentication afterwards? The user authentication is username/password based.
Any ideas how this might work?
Thanks,
Ali