Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

802.1x Machine and User Auth - looking for a more reliable way

This thread has been viewed 0 times

  • 1.  802.1x Machine and User Auth - looking for a more reliable way

    Posted May 01, 2013 12:32 PM

    We have machine and user auth working. The issue comes in with many of our users in cases like this:

     

    1) User shuts down laptop and takes it home. They boot up at home and start working on a project. They hibernate the laptop so they don't lose their work and come back to the office. They dock and take the laptop out of hibernation and continue working. They undock - no wireless access. I have them reboot - works fine. Issue is that ClearPass cache times out and the machine never authenticated back in.

     

    2) Company policy is to have wireless disabled when there is a wired connection. This is accomplished with a BIOS setting so there is no user interaction. Users boot up docked, then undock to head to a meeting...no wireless access because the CP server never sees the machine authentication because it booted up with the wireless off.

     

    There are other cases but I believe you get the point. What I am looking to do is have it so domain users cannot onboard devices without going through the onboarding process but also not make users reboot to get on the wireless network.



  • 2.  RE: 802.1x Machine and User Auth - looking for a more reliable way

    Posted Aug 22, 2013 05:28 AM

    i don't believe this is possible, machine auth only happens in the crtl-alt-del screen, that is how Windows works.

     

    from windows 7 (or perhaps vista) you can also only auth with machine, so outside of ctrl-al-del screen, but then it isnt machine and user auth anymore.