I am trying to connect my MacBooks to a new SSID using only EAP-TLS.
I have pushed out an 802.1X profile that details the use of EAP-TLS. I have also pushed machine certificates from our ADCS.
Every time I try to connect to the SSID using EAP-TLS, it asks what authentication method I would like to use. I select EAP-TLS, the identity certificate, and leave the username blank.
If I leave the username blank, it uses the name of the certificate, which is the correct username. However, if I put in a username, it will authorize using that username against that username's AD groups. Is there a way to force the username to always be part of the certificate and not allow users to put in a random username?