Reply
Guru Elite

Machine auth.


Thank you Colin! So when I remove a MAC from the internal database that doesn't reset the machine authentication?

My fear is that while they will still need credentials they will no longer need to use a PC that is a member of our domain. We operate in some very remote areas and our access is often the ONLY internet access in close to a hundred miles so we see people try to plug in their personal devices in at the office and they are technical enough to get it working without machine auth. I actually expect them to figure out MAC spoofing soon as well but you can only do so much!

I may try that on some isolated AP's with users known to have issues to minimize any impact. I wasn't trying to dismiss your guidance at all.

I am also going to open a case tomorrow as well. That you again for all the help!




It does NOT reset the machine authentication for users that are currently connected. You would have to do a "aaa user delete " on the commandline to kick them off, first. The real sure-fire way to get rid of all those issues, is using EAP-TLS.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Authentication Mechanism and failed authentication?

Yeah and we are actually able to do EAP-TLS which we were not able to do a couple of months ago. I have started to documentation to make the switch to EAP-TLS but that is the hardest work and will likely take a couple of months!
Occasional Contributor II

Re: Authentication Mechanism and failed authentication?

In case anyone was curious I tracked down the problem. The systems who were experiencing this issue were all running the Intel ProSet software that includes an 802.1x supplicant. With that software installed I would see the bad_data error and authentication would never succeed. Removing the software has resolved the issue for every system that experienced it.
Highlighted
Occasional Contributor I

Really helpful

Thanks for the follow-up to your post.

We also have very similar problems when using the Intel ProSet software. We are not using MAC to perform machine auth, but are using radius instead (which I think still uses the local DB to create users based on MAC?).

If the Intel ProSet is installed, system’s can’t get on. Tick the box to allow windows to manage the connection, and their good. So we now install the driver without the software.

cjoseph’s post #7 to uncheck enforce machine authentication was also very helpful…thanks for that too.
Occasional Contributor II

Re: Authentication Mechanism and failed authentication?


Thanks for the follow-up to your post.

We also have very similar problems when using the Intel ProSet software. We are not using MAC to perform machine auth, but are using radius instead (which I think still uses the local DB to create users based on MAC?).

If the Intel ProSet is installed, system’s can’t get on. Tick the box to allow windows to manage the connection, and their good. So we now install the driver without the software.

cjoseph’s post #7 to uncheck enforce machine authentication was also very helpful…thanks for that too.




Right we do the same thing, we use machine and user authentication and the Aruba adds MAC addresses for the successfully authenticated machine to the internal database.

I think in the long-run we are going to go to EAP-TLS if we find more issues with PEAP machine authentication.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: