Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

802.1X with AD/RADIUS Questions

This thread has been viewed 2 times

  • 1.  802.1X with AD/RADIUS Questions

    Posted Mar 20, 2019 08:26 AM

    We've been on WPA2/PSK for a few years with another wireless vendor and are looking at moving to 802.1X with AD/RADIUS with Aruba.  I have a cluster of MM and VMC's along with some 315 AP's going now and am doing some testing.

     

    The authentication is working correctly, my test machine joins the network using machine authentication.  When I look at clients in the GUI, it shows my Name as "host/(hostname).(domain)".  After logging into AD, that doesn't change to the username, it stays on the machine name.  I thought it should switch from machine authentication to user authentication upon a successful login though.  Is that right?  Am I missing a step somewhere?  The GPO I'm pushing with the wireless settings has Authentication Mode set to "User or Computer Authentication".  I have both VMC's in as RADIUS clients in MS NPS.  I don't have the MM's in, but I don't think that is required.  Wireless does continue working properly after logging in.

     

    Thanks, Jason



  • 2.  RE: 802.1X with AD/RADIUS Questions
    Best Answer

    EMPLOYEE
    Posted Mar 20, 2019 08:33 AM
    Check the client to see what is configured there.


  • 3.  RE: 802.1X with AD/RADIUS Questions

    Posted Mar 20, 2019 10:12 AM

    It was on the NPS/GPO side.  I didn't have my user group allowed, only the computer group.  It's working now and showing my username like it should.