I need to get Machine Authentication working properly over wireless for a small subset of my clients. We use WPA2 Enterprise authentication, and these clients are usually failing on boot with an error that they can't reach an AD server.
Aruba 3600 Controller (ArubaOS 184.108.40.206) - I do NOT have the PEF module
Aruba AP105 Access Points
Microsoft Windows 2008R2 NPS Server
Microsoft Windows 7 Enterprise Client
These things seem to randomly decide when they want to work. Sometimes you'll boot and it will authenticate a non-cached user with no issue. Others will fail miserably. In the few things I've seen on the forums that have matched my situation, it looks like most everyone has the PEF-NG module, so I'm hoping this is not a requirement to allow machine auth.
Has anyone got this working? It seems like voodoo magic to me at the moment... but I'm not an AD guy at all :-)
PEF-NG is not required for machine authentication. Having PEF-NG would allow you to place clients into different roles (with unique firewall policies) based upon AD security groups and to prevent users from connecting to your network with non-domain devices among other things.
Check the following:
1) Ensure that Termination is disabled in the 802.1X authentication profile
2) Verify that the remote access policy on NPS includes authentication from Domain Computers
3) Verify that the clients are configured to authenticate with machine credentials
4) Verify that the client has the public cert for the CA which issued a cert to the RADIUS server
If things still are not working, look at the NPS logs in event viewer and see what reason is given for clients that are rejected.
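Items 3 and 4 of the checklist above can be checked offline against a WLAN profile exported from the client with `netsh wlan export profile`. The following is an added example, not part of the original thread; the sample profile, its SSID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an exported Windows WLAN profile.
# The SSID is a placeholder, not a value from the thread.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>EXAMPLE-SSID</name>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication>
      <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
      <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
          <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
            <ServerValidation><TrustedRootCA></TrustedRootCA></ServerValidation>
          </EapType></Eap></Config>
      </EapHostConfig></EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_profile(xml_text):
    """Return findings for checklist items 3 (machine creds) and 4 (CA trust)."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        values.setdefault(local(el.tag), []).append((el.text or "").strip())
    findings = []
    if values.get("useOneX", [""])[0].lower() != "true":
        findings.append("802.1X is not enabled on this profile")
    mode = values.get("authMode", [""])[0]
    if not mode:
        findings.append("authMode not set explicitly; confirm the effective mode on the client")
    elif mode not in ("machine", "machineOrUser"):
        findings.append(f"authMode is {mode!r}: machine credentials are not offered")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no TrustedRootCA pinned for RADIUS server validation")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FAIL:", finding)
```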
@xdrewpjx wrote: Check the following: 1) Ensure that Termination is disabled in the 802.1X authentication profile 2) Verify that the remote access policy on NPS includes authentication from Domain Computers 3) Verify that the clients are configured to authenticate with machine credentials 4) Verify that the client has the public cert for the CA which issued a cert to the RADIUS server
I'm betting my problem is #2 here. Not being an AD guy with control over these things, I'm betting my NPS admin never set this up. I'll follow up with my findings!
Sort of all of the above here. We're up and running now though!
Go through This Document. In my organisation we also did the same, but we have the PEF license.