Apple (Mac) machine authentication with Clearpass
08-14-2019 11:31 AM
I am trying to determine the best way to perform machine authentication, both over wired and wireless, to use with our Clearpass policies.
Right now, I have all of the policies based arond the machine authenticated role, which works great for Windows devices. However, the few Macs we have in our environment don't natively do machine auth.
I did find this article which looks promising
However, after trying it, even though it looks like it's creating a profile with the correct username in "host/" format and grabbing the machine auth PW from the keychain, authentication is failing on the clearpass side.
Plus, I found some additional refernces that made it look like we'd also have to change a setting so the machine PW didn't change to prevent issues. That sounds like a pain.
How are most people here handling machine auth for Mac laptops with clearpass? Are there any concise guides for the setup? We don't have a huge Mac userbase, so if it's even a script/profile that has to be installed once via manual execution, that would work. We do own Jamf, but the main Jamf person just left the company and I think that whole product is kind of on hold.
Of course, I could try other options such as checking the host name and if the device is OSX, or checking the username and if the device is OSX, but it seems like it would be easy/possible to spoof both of those scenarios.
I maily am just curious to see if there are any updated/current guides, and what the industry/other people on here are doing in this situation...I'm new to clearpass and NAC in general.
Thanks for the help!