Right, I authenticated again with the PC after doing nothing for 24 hours, and the Machine Authenticated role was not given, only User Authenticated. As you said, "the machine authenticated role is renewed every time the device user authenticates, if the machine authentication role has not expired for that mac address."
Original Message:
Sent: Oct 06, 2023 07:04 AM
From: cjoseph
Subject: Machine Authenticated role for MAC authentication service?
Honestly, you can just not have any rules that act upon Machine Authentication role in a service that does mac authentication.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Oct 06, 2023 06:26 AM
From: cjoseph
Subject: Machine Authenticated role for MAC authentication service?
If your timeout is 24 hours, I would do nothing with that device for 24 hours and see what happens.
------------------------------
Original Message:
Sent: Oct 06, 2023 06:23 AM
From: fjulianom
Subject: Machine Authenticated role for MAC authentication service?
Hi Colin,
What a pity, that's confusing. And when you say "device user authenticates", in my case the device user authentication refers to device MAC authentication, right?
------------------------------
Regards,
Julian
Original Message:
Sent: Oct 06, 2023 06:18 AM
From: cjoseph
Subject: Machine Authenticated role for MAC authentication service?
Do you mean the machine authentication role is renewed when the device user authenticates regardless of the Machine Authentication Cache Timeout setting? - Yes.
------------------------------
Original Message:
Sent: Oct 06, 2023 06:14 AM
From: fjulianom
Subject: Machine Authenticated role for MAC authentication service?
Hi Colin,
This device was previously a domain PC and passed machine authentication in the past. After that, we took the PC out of the domain. That could answer the question, but the Machine Authentication Cache Timeout is set to 24 hours, and we took the PC out of the domain a week ago. Do you mean the machine authentication role is renewed when the device user authenticates regardless of the Machine Authentication Cache Timeout setting? By the way, no user authentication happens; now it is only the MAC authentication service.
------------------------------
Regards,
Julian
Original Message:
Sent: Oct 06, 2023 06:03 AM
From: cjoseph
Subject: Machine Authenticated role for MAC authentication service?
A device is marked "machine authenticated" whenever the mac address has passed machine authentication in the past. There is a timeout value that would purge that state, but unfortunately, the machine authenticated role is renewed every time the device user authenticates, if the machine authentication role has not expired for that mac address.
------------------------------
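The renewal behaviour described in the reply above, modelled as an added example that is not part of the thread and is not ClearPass code. It is a simplified model built only from the statements in this thread; the class and function names and the sample MAC address are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOUR = 3600  # seconds


@dataclass
class MachineAuthCache:
    """Toy model of per-MAC machine-auth state with a sliding timeout."""
    timeout: int = 24 * HOUR  # the 24-hour cache timeout mentioned in the thread
    expires: dict = field(default_factory=dict)  # MAC -> expiry time in seconds

    def machine_auth(self, mac, now):
        """A successful machine authentication creates the cache entry."""
        self.expires[mac] = now + self.timeout

    def authenticate(self, mac, now):
        """Any later authentication for this MAC (here: MAC auth). Returns roles."""
        roles = ["[User Authenticated]"]
        if self.expires.get(mac, 0) > now:
            # Entry still live: the role is granted and the timer is renewed,
            # so the state never ages out while the device keeps connecting.
            self.expires[mac] = now + self.timeout
            roles.append("[Machine Authenticated]")
        else:
            self.expires.pop(mac, None)  # expired: the state is purged
        return roles


def demo():
    cache = MachineAuthCache()
    pc = "aa:bb:cc:00:00:01"     # constructed sample MAC (former domain PC)
    phone = "aa:bb:cc:00:00:02"  # constructed sample MAC (never machine-authenticated)
    cache.machine_auth(pc, now=0)  # last machine auth while still domain-joined

    # The PC leaves the domain but keeps doing MAC auth every 12 hours for a week.
    week = [cache.authenticate(pc, t)
            for t in range(12 * HOUR, 7 * 24 * HOUR + 1, 12 * HOUR)]
    # It then stays idle for more than the 24-hour timeout before reconnecting.
    after_idle = cache.authenticate(pc, 7 * 24 * HOUR + 25 * HOUR)
    return week, after_idle, cache.authenticate(phone, HOUR)


if __name__ == "__main__":
    week, after_idle, phone_roles = demo()
    print("during the week:", week[-1])
    print("after >24h idle:", after_idle)
    print("phone:", phone_roles)
```

In this model the only thing that clears the stale role is a gap between authentications longer than the timeout, which matches the 24-hour test reported at the top of the thread.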
Original Message:
Sent: Oct 06, 2023 02:23 AM
From: fjulianom
Subject: Machine Authenticated role for MAC authentication service?
Hi Shpat,
The article talks about when you use 802.1x authentication, which is not my case. I am using MAC authentication, and the PC is not configured for 802.1x.
------------------------------
Regards,
Julian
Original Message:
Sent: Oct 06, 2023 02:04 AM
From: shpat
Subject: Machine Authenticated role for MAC authentication service?
Have you read this article, ClearPass 6.7 Deployment Guide?
There is a section named Role Assignment with Machine Authentication Enabled where you can see more information.
Hope this helps.
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP |
-Just an Aruba enthusiast and contributor by cases
Original Message:
Sent: Oct 06, 2023 12:56 AM
From: fjulianom
Subject: Machine Authenticated role for MAC authentication service?
Hi community,
I have created a service for MAC authentication. I am testing right now and have a phone and a PC; I have both in a static host list. When they pass authentication, my phone got role [User Authenticated], and my PC got roles [User Authenticated] and [Machine Authenticated]. Is this normal behaviour? I thought the Machine Authenticated role is only for domain PCs. Any idea?
------------------------------
Regards,
Julian
------------------------------