We have 802.1X wireless network that has been working with Enforce Machine authentication for years. Windows RADIUS server authentication users and machines, with some apple devices in the Aruba internalDB for the machine authentication work-around
UserOnly Role defaults to role that has same rights as a guest.
Customer recently got 500 Chromebooks and wants them on 802.1X network. They need elevated rights in role different from the guest role.
Adding or manageing these MAC address in the Aruba internal DB is not a valid option.
We recently tried to put in server rules to send specific AD user account for these chromebooks to put in user role with different elevated rights. This did not work, and looking into the communitiy shows that server rules do not work when enforce machine authentication is enabled.
If I disable enforce machine authentication I assume the server rules will work. My question is how this would affect working Machine+User authenticed devices...
When enforce machine authentication is not enabled, does the controller still check to see if the machine authenticates?
Will the valid machine and user accounts still get put in the Fully Authenticated 802.1X role? or will it just check the user authentication pieces and put them in the 802.1x-User role?
thanks for comments and assistance.