Wireless Access

  • 1.  Machine/User Authentication

    Posted Sep 23, 2024 02:47 AM

    I'm fairly new to Aruba but have been trying to figure this out for a while now. All devices authenticate with 802.1X using their user credentials, but I'd like to change this to use machine authentication if they are on a domain-joined PC; if they aren't, they're prompted for user credentials to join as a guest. Unfortunately, all the documentation I see references ClearPass, which we don't have. Can this still be done? We're currently using FortiNAC for our NAC/RADIUS server.

    FortiNAC is joined to the domain, so I believe machine authentication is possible, but I'm still getting prompted for user credentials even on a domain PC.

    Running Mobility Conductor 8.10.0.9.

    Any guidance is appreciated.



  • 2.  RE: Machine/User Authentication

    Posted Sep 23, 2024 02:55 AM

    The Windows client configuration determines how the client will authenticate to the network (User/Computer/User+Computer, as well as the method: PEAP [deprecated!!!!], EAP-TLS, TEAP). Then your RADIUS server (ClearPass in the documentation that you found, but RADIUS and 802.1X are open standards) will handle that authentication and return network access attributes, for Aruba typically an Aruba-User-Role and optionally an Aruba-User-VLAN.

    If you can find how it should be configured with your RADIUS server (I don't know it), it should work on any 802.1X-compliant network, regardless of the vendor. Only the role/VLAN assignment may be different. You can probably better ask your question in a forum for your NAC solution, as that is where, in addition to the client, most of the configuration should happen.



    ------------------------------
    Herman Robers
    ------------------------------
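
Added example (not part of the original posts, and not Aruba or FortiNAC code): since the reply says the Windows client configuration decides whether user or computer credentials are offered, this script reads a WLAN profile exported with `netsh wlan export profile` and reports its 802.1X `authMode` and outer EAP method. The sample profile and the name `CorpWiFi` are constructed; elements are matched by tag name only, so no namespace URI is assumed by the parser.

```python
import xml.etree.ElementTree as ET

# IANA EAP method numbers for the methods named in the reply above.
EAP_METHODS = {"13": "EAP-TLS", "25": "PEAP", "55": "TEAP"}

# Constructed sample export; "CorpWiFi" is a made-up profile name.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWiFi</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication><encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod>
            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
          </EapMethod>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>"""


def _first_text(root, local_name):
    """Text of the first element with this tag name, ignoring XML namespaces."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == local_name and (el.text or "").strip():
            return el.text.strip()
    return None


def audit_profile(xml_text):
    """Summarise which credentials and EAP method a WLAN profile will use."""
    root = ET.fromstring(xml_text)
    mode = _first_text(root, "authMode")  # machineOrUser | machine | user | guest
    eap = _first_text(root, "Type")       # first Type in document order = outer method
    return {
        "profile": _first_text(root, "name"),
        "auth_mode": mode or "not set",
        "eap_method": EAP_METHODS.get(eap, f"EAP type {eap}"),
        # Only these two modes ever present the computer account to the RADIUS server.
        "offers_machine_credentials": mode in ("machine", "machineOrUser"),
    }


if __name__ == "__main__":
    for key, value in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```

A profile that reports `auth_mode: user` never sends the computer account, so the RADIUS server has no machine identity to evaluate regardless of how it is configured.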