The username is determined/sent by the client, and is typically based on the certificate for EAP-TLS. You may have a look at the certificate to better understand where this name is coming from; from what I have seen with AD-enrolled certificates, I see the FQDN and not the NetBIOS/sAMAccountName (HOSTNAME$). It can be that a modified or just different enrollment template is used for this computer certificate. You may be able to match 'ENDS_WITH $' for the username, which I didn't test but is worth trying.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
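The effect of the two username matches discussed in this thread, as an added example that is not part of any post here and is not Aruba's code. It models the role-mapping condition in Python rather than as ClearPass configuration; the function names are hypothetical, and treating the `host/` match as a prefix match and gating the role on Method-1 status are assumptions.

```python
# Added example: a Python model of the role-mapping condition discussed in
# the thread. It is not ClearPass configuration; function names are hypothetical.

# Attribute lines as posted in the thread (subset).
THREAD_DUMP = """\
Authentication:OuterMethod TEAP
Authentication:Status User, Machine
Authentication:TEAP-Method-1 EAP-TLS
Authentication:TEAP-Method-1-Status Success
Authentication:TEAP-Method-1-Username DESKTOP-942AUBH$
"""

USER_KEY = "Authentication:TEAP-Method-1-Username"
STATUS_KEY = "Authentication:TEAP-Method-1-Status"


def parse_attrs(dump):
    """Turn 'Name Value' lines into a dict; the value may contain spaces."""
    attrs = {}
    for line in dump.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            attrs[parts[0]] = parts[1]
    return attrs


def host_prefix_only(user):
    """Match on 'host/' as in the workshop, modelled here as a prefix match."""
    return user.startswith("host/")


def host_prefix_or_dollar(user):
    """Adds the ENDS_WITH '$' match suggested in the reply."""
    return user.startswith("host/") or user.endswith("$")


def machine_role(attrs, rule):
    """Return 'ws_machine' only if Method-1 succeeded (assumed gate) and the rule matches."""
    if attrs.get(STATUS_KEY) != "Success":
        return None
    return "ws_machine" if rule(attrs.get(USER_KEY, "")) else None


if __name__ == "__main__":
    attrs = parse_attrs(THREAD_DUMP)
    print(machine_role(attrs, host_prefix_only))       # None
    print(machine_role(attrs, host_prefix_or_dollar))  # ws_machine
```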
Original Message:
Sent: Jan 28, 2024 10:00 PM
From: tckoon
Subject: TEAP/Machine Authenticate
Hi,
I would like to rephrase my question.
Why am I getting the AD reply without host/ in the method-1 username?
Authentication:TEAP-Method-1-Username: DESKTOP-942AUBH$
Thanks.
Original Message:
Sent: Jan 24, 2024 07:56 AM
From: tckoon
Subject: TEAP/Machine Authenticate
Hi Herman,
In your ClearPass series "Aruba ClearPass Workshop (2021) - Wireless Access #7 TEAP Authentication (EAP Chaining)", Authentication:TEAP-Method-1-Username is used to identify that the machine is authenticated, by matching on the host/ of the method 1 username to set the role as ws_machine. But what I get in the customer environment is that the /host is not there, as shown below, so the ws_machine role is not matched and therefore the enforcement policy rejects user access.
The issue is that the computed attribute shows: Authentication:TEAP-Method-1-Username DESKTOP-942AUBH$
not what we want/expect to have: Authentication:TEAP-Method-1-Username host/DESKTOP-942AUBH$
Does AD need some setting changed, or does the ClearPass end need it?
Authentication:ErrorCode 0
Authentication:InnerMethod EAP-TLS
Authentication:MacAuth NotApplicable
Authentication:NetBIOS-Name Dxxxxx
Authentication:OuterMethod TEAP
Authentication:Posture Unknown
Authentication:Source Dxxxx_AD
Authentication:Status User, Machine
Authentication:TEAP-Method-1 EAP-TLS
Authentication:TEAP-Method-1-Status Success
Authentication:TEAP-Method-1-Username DESKTOP-942AUBH$
Authentication:TEAP-Method-2 EAP-TLS
Authentication:TEAP-Method-2-Status Success