Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Machine Authentication - How

  • 1.  Machine Authentication - How

    Posted 5 days ago

    Dear Experts, 

    One of the customers is using EAP-PEAP (MSCHAPv2) to do user credentials authentication. They want to do computer authentication to make sure that only domain-joined machines are getting the correct roles. However, what I don't understand is: in the user's case we can match different criteria like OU, SG, etc., but in the computer's case, how is it done? Do we only change if machine authentication is successful?

    If yes, can someone tell me, or share a sample policy showing, how to match the correct domain for machine authentication?



  • 2.  RE: Machine Authentication - How

    EMPLOYEE
    Posted 5 days ago

    Two ways, one is preferred:

    1. Use TEAP and chained EAP requests to authenticate the device and user at the same time.
    2. Configure the supplicant for Computer and User auth, which will require the computer to go through a device-level authentication first and then mark that endpoint as domain joined; use that endpoint attribute as a further check during user auth.

    Note, both options are only applicable to Windows.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Machine Authentication - How

    Posted 3 hours ago

    Don't use AD credentials. Use certificates instead. Note Credential Guard on modern Windows versions.