Hello, I've got a question.
We have a client that does this:
The support team joins the machine to the AD domain and sets up the machine.
They create a user and a random password for the user and then they turn off the machine of their account.
They give the new user the machine so they can log in with their new user, and they can change their random password to the new password.
Now I face a problem here, and it's that the support team is using a free 802.1X port, so they don't have any issue with putting the machine in the AD and all that.
But when the new user tries to log in with their new user, which does not have a profile on that machine and has never connected to the network, they get the error that they cannot connect to the network. It says that the domain is not available, and that I should be sure that it's connected to the network.
I see in ClearPass that it tries to connect doing machine authentication instead of using the user and password.
And now that I think about it, I would have a big problem when we change to EAP-TLS, because there is no way they can get the user certificate if the user has not yet connected to their profile and downloaded the group policy that gives it the user certificate.
I don't know how to get around this.
Does the user always have to authenticate the first time on a port without the 802.1X authentication?
Any ideas of how you guys do this?