Security

last person joined: 15 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Machine and User Authentication

  • 1.  Machine and User Authentication

    Posted Feb 29, 2012 05:47 PM

    We verify that a computer has both a user cert and machine cert from our PKI before allowing it on the wireless. the problem we seem to have is that when a laptop goes into sleep mode it loses machine auth. you have to reboot or logout and log back in to reconnect. The clients are Windows 7. Anyone seen anything like this?



  • 2.  RE: Machine and User Authentication

    Posted Feb 29, 2012 06:19 PM

    Your machine only "machine authenticates" if it is at the ctrl-alt-delete screen.  There is a timer in in the 802.1x profile under advanced that says how long the controller remembers that a machine has "machine authenticated" after being at the ctrl-alt-delete screen.  It is the "Machine Authentication Cache Timeout" parameter and by default it is only 24 hours, so your machine would have to be at the ctrl-alt-delete screen every 24 hours for the controller to know that it has machine authenticated.

     

    You can find this timer by going to configuration> security> authentication> l2 authentication> 802.1x profile.  Find the profile that corresponds to your WLAN and under advanced, the "Machine Authentication Cache Timeout" parameter should be there.  Extend it as long as you need, so that your users do not have to be log off then log on again.




  • 3.  RE: Machine and User Authentication

    Posted Jul 08, 2012 07:05 PM
    Is there a machine auth default timeout for Instant? If so, is there way to change it?