Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM AD Domain with different machine UPNs

  • 1.  CPPM AD Domain with different machine UPNs

    Posted May 05, 2017 11:38 PM

    Does anyone have a working config that supports machine authentication where the machine accounts in AD have a different UPN/Suffix than the domain itself? For example, you would have an AD domain like 'domain.com' which the machines would be joined to, but their full computer name is 'COMPUTER.client.domain.com', and the 'client.domain.com' part throws off CPPM because it thinks it's a separate domain, but it isn't.

     

    I found this document and am trying to follow it, but it is not very clear on the service setup. Do you really need multiple 'services' to do this, one for the normal domain and an additional one for just a NETBIOS lookup to that same domain? That would mean I would have to double any services I had set up already, and even more than that since I also have multiple AD domains? I suppose it's possible I could have a 'normal' domain auth list service and a 'netbios' domain auth list, assuming I never had the same name duplicated in any two domains. If I did, it would be a minimum of two separate services for each domain for each different service I wanted? So to support 4 different authentication services and four different domains I would have to create something like 24 'services', all basically the same?

     

    Also confusing in this document, it says the first service should match 'username contains host/'. That doesn't seem to make sense because all machines would match 'host/'. 

     

    If anyone has some screenshots of a setup like this it would be greatly appreciated. 

     

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-authenticate-machines-from-same-AD-domain-if-some-of-them/ta-p/288470