Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

LDAP filter for Machine+User authentication with same names

  • 1.  LDAP filter for Machine+User authentication with same names

    Posted Jul 11, 2017 12:32 PM

    We have a group of computers that have the same name as their user. When these users go to connect on any device (all networks are running eap-tls), it shows Authentication Failure, Unknown User. When entering the username into the Attribute Filter, it brings up both the user and the computer object.


    The computer objects still need to be found for the computer certificates to be checked, and users need to be found to do user cert checks.


    Here is our Current Filter:

    (|(&(objectClass=user)(cn=%{Authentication:Username}))(&(objectClass=user)(sAMAccountName=%{Authentication:Username})))


    Outside of renaming the computers to have unique names from users, what options do I have available?



  • 2.  RE: LDAP filter for Machine+User authentication with same names

    EMPLOYEE
    Posted Jul 11, 2017 12:43 PM

    Shouldn't one of them be

    (objectClass=Computer)




  • 3.  RE: LDAP filter for Machine+User authentication with same names

    Posted Jul 11, 2017 12:47 PM

    We're checking both CN and sAMAccountName due to some odd structures in our AD.

    However, all our computer objects are still being checked with this query.



  • 4.  RE: LDAP filter for Machine+User authentication with same names

    Posted Jul 11, 2017 02:55 PM

    After taking a further look into our AD schema, it seems that the computer object class is a child of the user object class.

    Has anyone done TLS, with machine and user authentication, where the computer and user names are the same? I'm hoping there is a workaround I can get instead of renaming a lot of computers.
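The following is an added example, not code from the thread or from HPE Aruba: a small in-memory LDAP filter evaluator run over two constructed AD-style entries (a user and a computer that share the name "jsmith", hypothetical names). It reproduces what post 1 observes (the thread's filter returns both objects) and why post 4's schema finding causes it: a computer object's objectClass list includes "user" because computer derives from user, so `(objectClass=user)` cannot separate the two. It then shows two filters that do separate them, keyed on `objectCategory` (person vs. computer) and on the trailing `$` that Active Directory puts on machine account sAMAccountNames. The `objectCategory` values are simplified to their short names; real AD stores a schema DN there but accepts the short form in filters. The `render()` helper also escapes the substituted username per RFC 4515 so an identity containing `*`, `(` or `)` cannot alter the filter's structure; how ClearPass itself substitutes `%{Authentication:Username}` is not assumed here.

```python
# Added example (not from the thread): evaluate LDAP filters against
# constructed AD-like entries to show why a user and a computer with the
# same name both match, and how to target one or the other.

# Constructed sample entries (hypothetical names). A computer's objectClass
# chain includes "user" because computer is a subclass of user in AD, and a
# machine account's sAMAccountName ends in "$".
ENTRIES = [
    {
        "dn": "CN=jsmith,OU=Users,DC=example,DC=com",
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "objectCategory": "person",      # simplified; AD stores a schema DN
        "cn": "jsmith",
        "sAMAccountName": "jsmith",
    },
    {
        "dn": "CN=jsmith,OU=Computers,DC=example,DC=com",
        "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
        "objectCategory": "computer",
        "cn": "jsmith",
        "sAMAccountName": "jsmith$",
    },
]

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# ClearPass-style placeholder as written in the thread's filter.
PLACEHOLDER = "%{Authentication:Username}"


def render(template, username):
    """Substitute the placeholder with an escaped username (assumed helper)."""
    escaped = "".join(ESCAPES.get(ch, ch) for ch in username)
    return template.replace(PLACEHOLDER, escaped)


def parse(s, i=0):
    """Parse a filter supporting &, |, ! and equality assertions.

    Returns (node, next_index). Nodes are ("&"|"|"|"!", [children]) or
    ("=", attribute, value).
    """
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        return (op, kids), i + 1          # skip the closing ')'
    if s[i] == "!":
        node, i = parse(s, i + 1)
        return ("!", [node]), i + 1
    end = s.index(")", i)                 # escaped parens never reach here
    attr, _, value = s[i:end].partition("=")
    return ("=", attr, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter node against one entry (case-insensitive)."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if isinstance(values, str):
        values = [values]
    return any(v.lower() == value.lower() for v in values)


def search(filter_str, entries=ENTRIES):
    """Return the DNs of entries matching filter_str, in directory order."""
    node, _ = parse(filter_str)
    return [e["dn"] for e in entries if matches(node, e)]


# The filter from post 1, verbatim.
THREAD_FILTER = ("(|(&(objectClass=user)(cn=%{Authentication:Username}))"
                 "(&(objectClass=user)(sAMAccountName=%{Authentication:Username})))")

# Candidate replacements (assumed, not from the thread): one per authentication
# type, distinguished by objectCategory and the machine account's trailing '$'.
USER_FILTER = ("(&(objectCategory=person)"
               "(|(cn=%{Authentication:Username})(sAMAccountName=%{Authentication:Username})))")
MACHINE_FILTER = ("(&(objectCategory=computer)"
                  "(|(cn=%{Authentication:Username})(sAMAccountName=%{Authentication:Username}$)))")

if __name__ == "__main__":
    print("objectClass=user     ->", search("(objectClass=user)"))       # both
    print("objectClass=computer ->", search("(objectClass=computer)"))   # computer only
    print("thread filter        ->", search(render(THREAD_FILTER, "jsmith")))   # both
    print("user filter          ->", search(render(USER_FILTER, "jsmith")))     # user only
    print("machine filter       ->", search(render(MACHINE_FILTER, "jsmith")))  # computer only
```

Running it shows the thread's filter and a bare `(objectClass=user)` both return two entries, while `(objectClass=computer)`, the person-scoped user filter and the computer-scoped machine filter each return exactly one. Whatever filter is finally used, keep the user and machine lookups on separate filters (or separate authentication sources) so that one lookup can never resolve to the other object type.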