We have machine and user auth working. The issue comes in with many of our users in cases like this:
1) User shuts down laptop and takes it home. They boot up at home and start working on a project. They hibernate the laptop so they don't lose their work and come back to the office. They dock and take the laptop out of hibernation and continue working. They undock - no wireless access. I have them reboot - works fine. The issue is that the ClearPass cache times out and the machine never authenticates back in.
2) Company policy is to have wireless disabled when there is a wired connection. This is accomplished with a BIOS setting so there is no user interaction. Users boot up docked, then undock to head to a meeting... no wireless access because the CP server never sees the machine authentication because it booted up with the wireless off.
There are other cases but I believe you get the point. What I am looking to do is have it so domain users cannot onboard devices without going through the onboarding process but also not make users reboot to get on the wireless network.