Occasional Contributor II

Clearpass Machine authentication

I am trying to setup machine authentication on clearpass for an 802.1x wireless ssid.  This will be EAP-TLS.  I am having trouble understanding exactly how a device gets the [machine authenticated] role.  I have searched and searched and everyone says stuff like.


"Domain machines attempt machine authentication with a username of host/<machine fqdn>.  If clearpass sees a device pass authentication with that username it assumes it is a domain machine that has authenticated"


But it doesn't really answer the question.  My service is not working and the alert says both "user not found" for ad and "unknown user" for EAP-TLS.  


I am trying to figure out exactly what radius attribute is matched to what active directory attribute for machine authentication? So I can figure out why the user is not found.


is "Radius:IETF:User-Name" match to "AD dNSHostName" and if it matches a user is found?  Since it is EAP-TLS i assume the user just has to be found in ad as there is no password.


I have searched and searched and just can not seem to find the answer anywhere.

Search Airheads
Showing results for 
Search instead for 
Did you mean: