802.1x Machine and User Auth - looking for a more reliable way
05-01-2013 09:32 AM - edited 05-01-2013 01:39 PM
We have machine and user auth working. The issue comes in with many of our users in cases like this:
1) User shuts down laptop and takes it home. They boot up at home and start working on a project. They hibernate the laptop so they don't lose their work and come back to the office. They dock and take the laptop out of hibernation and continue working. They undock - no wireless access. I have them reboot - works fine. Issue is that ClearPass cache times out and the machine never authenticated back in.
2) Company policy is to have wireless disabled when there is a wired connection. This is accomplished with a BIOS setting so there is no user interaction. Users boot up docked, then undock to head to a meeting...no wireless access because the CP server never sees the machine authentication because it booted up with the wireless off.
There are other cases but I believe you get the point. What I am looking to do is have it so domain users cannot onboard devices without going through the onboarding process but also not make users reboot to get on the wireless network.
Re: 802.1x Machine and User Auth - looking for a more reliable way
08-22-2013 02:28 AM - edited 08-22-2013 05:38 AM
i don't believe this is possible, machine auth only happens in the crtl-alt-del screen, that is how Windows works.
from windows 7 (or perhaps vista) you can also only auth with machine, so outside of ctrl-al-del screen, but then it isnt machine and user auth anymore.