Chaps,
If I enforce machine authentication, the does mean I make sure this part of DOT1X is honored before user authentication right?
I ask this as it works great for Windows, but when I boot up into Linux, I disable cert check and use domain user id and password I get straight in.
I don't have a proper PKI yet - but will do so soon (big job), in the meantime - anyone used device fingerprinting to Identify a non windows machine and stop it from using PEAP-MSCHAPv2?
Thing is, the real troublemakers are going to be running linux I would think (esp. backtrack)
Also the auth type is "8021x-User" and not "802.1x" - anyway of taking advantage of this categorization?
Thanks a mill