This isn't so much an Aruba specific problem, but more design related. I have an Aruba wireless environment with Clearpass, Active Directory, and a Windows PKI. Domain users and domain computers are automatically enrolling in a certificate template designed for wireless authentication. This all works great, except for the initial logon.
My group policy tells Windows to logon to the SSID with user or computer certificate. All computers get a certificate when they are imaged on the wired network.
In the case where a user has not logged into a computer before, they are successfully able to authenticate while the computer is on the wireless network authenticated as the computer. However, after the user profile loads, they are unable to connect to the SSID as they do not yet have a certificate on this computer.
What is the best way to design this environment to enable users to logon to a computer for the first time on wireless, without having to get a user certificate with a wired network login first?
I appreciate your time reading this and your thoughts, thank you.