Okay here is the scenario
Let say we want that an specific machine does to no log again to the wireless network...
1-I got my machine on the radius_machine_auth group on AD and i delete it from that group
2-I go to the Wireless controller to the user-Database and i delete that mac address entry
I test
1-I disconnect from the wireless network i can still connect if i reconnet
2-I turn off the wireless card turn it on and i still can reconncet
3-i reboot the machine and i still can reconnect..
4-I delete the entry from valid users
The only way i can find to totally kick this machine is by rebooting the wireless controlller
Is this si the way that should work?
besides the enforce mahcine im using EAP TLS and derived roles