This should just work. You could follow the ClearPass Workshop Series, as it configures exactly this.
From your output, it suggests that you configured EAP-PEAP, which you should stay away from as it is broken and insecure, and move to EAP-TLS or TEAP with EAP-TLS instead. The older videos in the playlist above do show PEAP and User or Computer...
If you see the username (or computer's username) in a wrong format, it's probably a matter of changing the LDAP query to query based on the correct field; this video explains how to change the LDAP query.
Also, this is probably trivial to solve if you know how the LDAP queries work and if you understand the LDAP structure and username formats. Aruba TAC should be able to assist in this as well.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 17, 2023 02:47 AM
From: jame.ntt
Subject: Machine authentication is not working at 802.1x wireless on login screen
Does someone have a solution for this?
Original Message:
Sent: Nov 13, 2023 08:29 PM
From: jame.ntt
Subject: Machine authentication is not working at 802.1x wireless on login screen
Hi @bosborne, thanks for your reply.
I also found the same issue on this community. My problem is the same as the one at the link below.
https://community.arubanetworks.com/discussion/windows-using-domainmachinename-during-computer-authentication
Original Message:
Sent: Nov 13, 2023 07:37 AM
From: bosborne
Subject: Machine authentication is not working at 802.1x wireless on login screen
ClearPass is an AAA (Authentication, Authorization, Accounting) server.
Authentication: Verify this is indeed the user they claim to be.
Authorization: What can they access on the network?
Accounting: Summary of what they actually did.
For the rest of this discussion I will assume you are referring to Microsoft Windows clients. The OS permits "User OR Machine authentication", not "User AND Machine Authentication". Some network vendors try caching Machine authentication to provide User and Machine authentication. Since you do not state what vendor's wireless solution you use, I have no further suggestions.
Otherwise, there is no such thing as two-level authentication.
How are you performing Machine Authentication? Are the Windows clients joined to an on-Prem AD domain or Entra ID (formerly Azure AD) joined?
I will need more detail to help further.
For more information on AAA : https://en.wikipedia.org/wiki/AAA_(computer_security)
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
Original Message:
Sent: Nov 10, 2023 02:27 AM
From: jame.ntt
Subject: Machine authentication is not working at 802.1x wireless on login screen
We have two-level authentication.
- Machine Authentication (before user login, all devices have to connect to the network with limited access)
- User Authentication (after user login, users will access resources with their role)
With wired authentication, machine and user authentication are working fine.
- When we choose only "computer authentication", machine authentication is working. But, as per the customer's requirement, they need "user authentication" after users log in.
- With wireless authentication, machine authentication is not working on the login screen before user login when we choose the authentication mode "computer or user authentication" on the computer. Computers always send the wrong format domain\hostname$ on the login screen. On the login screen, the computer must send host\fqdn.
- On wired authentication, it's working with the same profile and the same computer. But on wireless, it's not working.
Any suggestions for this problem? Thanks.
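The reply at the top of this thread suggests querying LDAP on the field that matches the username format the computer sends. The following is an added example, not part of any post in this thread and not ClearPass configuration: generic Python that maps the two machine-identity formats mentioned above to an Active Directory attribute and builds an escaped search filter. The function names and sample hostnames are hypothetical, and accepting either slash after `host` is an assumption.

```python
import re

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def machine_lookup_filter(identity):
    """Return (attribute, filter) for a machine identity, or None otherwise.

    Handles the two formats discussed in the thread:
      host/<fqdn>       -> look up the computer object by dNSHostName
      DOMAIN\\HOSTNAME$ -> look up the computer object by sAMAccountName
    """
    identity = identity.strip()

    # Format 1: "host" prefix followed by a dotted FQDN.
    m = re.fullmatch(r"host[/\\]([a-z0-9-]+(?:\.[a-z0-9-]+)+)", identity, re.IGNORECASE)
    if m:
        fqdn = ldap_escape(m.group(1).lower())
        return ("dNSHostName", "(&(objectClass=computer)(dNSHostName=%s))" % fqdn)

    # Format 2: NetBIOS domain, backslash, computer account ending in "$".
    m = re.fullmatch(r"[^\\/@]+\\([^\\/@]+\$)", identity)
    if m:
        account = ldap_escape(m.group(1))
        return ("sAMAccountName", "(&(objectClass=computer)(sAMAccountName=%s))" % account)

    # Anything else (for example a user name) is not a machine identity.
    return None


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real environment.
    for sample in (r"CORP\LAPTOP01$", "host/laptop01.corp.example.com", r"CORP\alice"):
        print(sample, "->", machine_lookup_filter(sample))
```

If the lookup uses an attribute that does not match the format the client sends, the directory search returns no computer object even though the account exists.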