Try doing this instead:
- First you need to tag with a custom attribute when the laptop does Machine auth
- Then create a ClearPass post auth enforcement profile using that attribute
- Then use this attribute when the laptop perform machine auth , make sure to put this at the top of your rules so it is apply
- Then in your user auth make sure to add a rule that allows only access when the user is using that laptop
Note: Make sure that in the other rules you include something like this: