Security

Reply
Frequent Contributor II

Mac book user+machine auth/ user+mac auth

HI,

 

I am using User + Machine auth. for windows user and that is woring fine (SSID : Employee). Using self signed certificate.

Now i have Mac book and they are the part of windows domain. 

 

Can i use same SSID & enforcement policy for Mac Book? or if i add one more rule in the same enforcement policy --> User + mac auth.(static host list)

EM service.jpg

If not please suggest alternate more secure solution.

 

Thanks in advance...

 

 

Guru Elite

Re: Mac book user+machine auth/ user+mac auth

Yes, you can but it's a much more complex authentication as Macs do not natively perform machine authentication. 

How are you managing your Macs? Profile manager or an MDM? 



Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Mac book user+machine auth/ user+mac auth

Thanks for quick reply....

 

for system mac, i will use CPPM static host list.

 

Regards,

Nik..

Guru Elite

Re: Mac book user+machine auth/ user+mac auth

You can only use MAC address as an authorization. The device still needs a machine credential to authenticate. 

How are you managing the devices? 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Mac book user+machine auth/ user+mac auth

I will use windows AD for Mac book authentication.

Guru Elite

Re: Mac book user+machine auth/ user+mac auth

How are you managing your devices? You need to be able to push a network profile down (or manually install on every single device) 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Mac book user+machine auth/ user+mac auth

Enforcement profile policy will push  vlan info to authenticated + authorize users.

Please correct if i wrong..

Guru Elite

Re: Mac book user+machine auth/ user+mac auth

You need a custom configuration profile installed on the devices to be able to do Machine + User authentication. 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Mac book user+machine auth/ user+mac auth

i can't do that on all mac book. Is there any alternate authentication method i can use instead of machine authentication?

Guru Elite

Re: Mac book user+machine auth/ user+mac auth

You're not managing the devices? 

User authentication with MAC address authorization or Onboard would be the alternatives. 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: