Hello!
We have a setup of ClearPass Policy Manager, Aruba switch as NAS, and Windows PC as supplicant.
We have a Wired 802.1x setup using EAP-TLS and it uses both computer and user authentication.
Now, everything works perfectly for current users but not for new users.
I think it is because for new users, we have implemented a kind of auto enroll/BYOD, meaning if a user logs in for the first time, it doesn't have a user certificate yet, until the logon process is complete.
It does have machine cert though and machine auth works perfectly.
So:
1. User turns on PC, gets profiled correctly, via machine auth using its machine cert
2. User logs in, and for some reason, when we check the packet cap, it receives an EAP identity request from the switch, but the PC doesn't respond.
3. It gets, as failover, MAC auth, and gets put into a guest VLAN
My questions are:
1. Is the reason it doesn't respond because it doesn't have any user certificate to give? (PC has network authentication method set to certificate)
2. Should I just switch to network authentication that doesn't require a certificate and use username/password instead, then use maybe EAP PEAP as ClearPass service?
Also appreciate any other solution you can suggest. Quite new to ClearPass.
Thanks in advance!