Occasional Contributor II

Best Practice for 2 factor authentication

What is the best practice for doing two-factor authentication using a certificate and an Active Directory user id/password?

Re: Best Practice for 2 factor authentication

As far i know you cannot do that  or you do EAP PEAP = user + password or you use EAP TLS = User Certificate.


You can do 2 factor authentication by doing EAP PEAP + Enforce machine  OR EAP TLS + Enforce Machine.


The enforce machine will check if the laptop or tablet is in the Active directory group you select(this works perfectly when you got all windows machines)


Hopes it helps





Product Manager - Aruba Networks
Alternetworks Corp
Frequent Contributor II

Re: Best Practice for 2 factor authentication

Machine auth is only authenicated once every 24 hours aginest AD. After the one machine auth happens for the next 24 hours it's using mac auth (mac cache). As the user logs in the username/password is passed to the auth server (Radius/ldap) and then the users is authenicated. 



David Dipert
Search Airheads
Showing results for 
Search instead for 
Did you mean: