Colin,
Thank you for the quick response. The link was helpful, but it doesn't completely answer my question. I'm more or less looking for help on what settings specifically I should be setting on both the RADIUS server and the client to make this work. The link did lead to a possible WZC or GPO setting that may need to be made.
Edit: Now that I think about it, I don't know if it's possible to do what it is I want to do using plain old RADIUS aside from putting the actual computers into their respective AD groups. I'm trying to accomplish the following:
- When a domain machine boots up, it will perform a machine auth to RADIUS so that the WLC can see that a machine auth has been performed that will satisfy the "enforce machine auth" requirement. RADIUS will be configured to only allow machines known in AD to auth.
- When the user logs in with their credentials, the user auth will take place and RADIUS will then authenticate them using their AD user account and password, and depending on what AD group they're in, they will get a specific VLAN assigned. This is already working, by the way, just without the machine auth part.
The goal is to allow only machines known to the domain to be able to connect to the 802.1x WLAN, but the issue is that the machine auth and the user auth are separate transactions, so I cannot combine them into the same policy, which prevents me from keeping non-domain machines off the network. If the non-domain machine doesn't match the first "Machine policy", the RADIUS will just move to the next policy in the list that matches only the user, and as long as the user has a valid username and password, their non-domain machine will successfully connect.
Would ClearPass help with this situation?