I am using the Aruba wireless setup and want to use Machine + user certificate authentication.
While testing I found that a few PCs were sending machine authentication + user authentication roles and were allowed onto the network, but most of the PCs were sending only the user authentication role and those were getting access denied by policy.
Client PCs have both the user and machine certificates. Also, the 802.1x client profile has the option "user or computer authentication" selected.
How do I resolve this issue, or shall I use only machine auth?
Short answer: use only machine authentication. Your users still have to log in to their PCs successfully to get on the network and do anything. A user who has never logged into a PC cannot get onto the wireless network if user+computer authentication is enabled.
Thanks for the quick response.
What is the cause of the issue I am facing currently?
What do best practices say: whether to use 2 certificates or a single certificate?
Machine authentication is sent by the domain device only when the laptop is first booting up, or when someone logs out of their computer. So for people who lock their computers and do not log out or shut down, their machine authentication status expires in ClearPass after 24 hours, and the device is no longer machine authenticated. You can extend that parameter in ClearPass to more than 24 hours, but that parameter tracks MAC addresses of users who have machine authenticated and can be spoofed to imitate a machine that has already authenticated. In addition, if a user has never authenticated to the machine before, their certificate is not in their user profile, so they cannot connect to the wireless. Those reasons are why it is best to do machine-only authentication, instead of user and machine.
I hope that makes sense.
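The behaviour described in the answer above, as an added example that is not part of the thread or of any Aruba tooling: it replays constructed authentication events through a MAC-keyed 24-hour cache and labels each user authentication by whether a machine authentication was still on record. The event format, field layout and function names are assumptions, not ClearPass output.

```python
from datetime import datetime, timedelta

CACHE_TTL = timedelta(hours=24)  # expiry the answer describes; set to your configured value

# Constructed sample events (assumed format, not a real ClearPass export):
# ISO timestamp, client MAC, auth kind ("machine" or "user"), identity
SAMPLE_EVENTS = """\
2020-03-02T08:01:10 aa:bb:cc:00:00:01 machine host/PC-01.example.test
2020-03-02T08:03:45 aa:bb:cc:00:00:01 user alice
2020-03-03T09:15:00 aa:bb:cc:00:00:01 user alice
2020-03-02T08:10:00 aa:bb:cc:00:00:02 user bob
2020-03-02T07:55:00 aa:bb:cc:00:00:03 machine host/PC-03.example.test
2020-03-02T17:30:00 AA-BB-CC-00-00-03 user carol
"""

def normalize_mac(mac):
    """Lower-case, colon-separated form so both notations hit the same cache key."""
    return mac.lower().replace("-", ":")

def parse_events(text):
    """Return (timestamp, mac, kind, identity) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, mac, kind, identity = line.split(None, 3)
        events.append((datetime.fromisoformat(ts), normalize_mac(mac), kind, identity))
    return sorted(events, key=lambda e: e[0])

def classify_user_auths(events, ttl=CACHE_TTL):
    """Label each user auth by the state of the machine-auth record for its MAC."""
    # Keyed by MAC only, as the answer describes: the record vouches for an
    # address, not for the device that presented the machine certificate.
    last_machine = {}
    results = []
    for ts, mac, kind, identity in events:
        if kind == "machine":
            last_machine[mac] = ts
            continue
        seen = last_machine.get(mac)
        if seen is None:
            verdict, age = "user-only (no machine auth seen)", None
        elif ts - seen > ttl:
            verdict, age = "user-only (machine auth expired)", ts - seen
        else:
            verdict, age = "machine+user", ts - seen
        results.append((ts, mac, identity, verdict, age))
    return results

if __name__ == "__main__":
    for ts, mac, identity, verdict, age in classify_user_auths(parse_events(SAMPLE_EVENTS)):
        print(ts.isoformat(), mac, identity, verdict, age if age is not None else "-")
```

Clients labelled "machine auth expired" are the ones that were locked rather than logged out or rebooted; those labelled "no machine auth seen" never presented a machine certificate in the window covered by the events.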
More info about Machine Auth... seems like there are issues with it.
Maybe you could also update your progress there if you can solve yours.
And this is how to solve it using regedit.
The OP mentioned they are using certificates, not EAP-PEAP like the thread with the problem.