There are many Apple macOS machines which don't have the certificate, and dot1x settings are not enabled on them.
Those machines are, however, part of the domain. They are hitting the MAC Auth service.
Can I make a rule in the enforcement policy to check if the machine is part of the domain or not?
How to do it?
Any update?
I am curious to know more when you say macOS machines are part of the domain. Are they joined to the domain the same way as Windows devices (can they also perform machine auth)?
Machine auth is one clear way to distinguish a user auth vs. a machine performing auth, and we can perform AD authorization to confirm the AD attributes.
Now coming to your question. We need to see what are the service conditions for your MAC-auth service. Can you share that?
Also, could you confirm if the macOS machines are forwarding the user-name as MAC-Address (meaning it's performing a MAC-auth as well)?
So as long as MAC machines send the machine name (just like Windows machines perform machine auth), we could do an enforcement check.
Or we can also check for the MAC's machine attributes in AD to validate (but it all depends on what username is presented by the device).
macOS machines are currently doing MAC Authentication and sending the MAC address as the username.
Authentication is to allow ALL MAC and authorization is Endpoint repository.
So within this MAC Auth Service, is it possible to create an enforcement rule to get the additional check of AD for these macOS machines?
Community is not an immediate support channel. If you need immediate assistance, please open a TAC case or engage your Aruba partner.