Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Machine Authentications not passing username

  • 1.  Machine Authentications not passing username

    Posted Aug 15, 2019 03:51 PM

    Hello all,

    I'm having an odd issue. I have three main roles (Student, Faculty and Machine). When I log into the MM and view the connected wireless clients, the student and faculty users show the username of the user logged on the 802.1x network.

    However, we do have a lab with a few wireless Windows 10 clients. Users log on to those PCs using their AD creds and it gives them access to the wifi network as well without an additional prompt. How can I get their AD username to show up like the other roles instead of the hostname of the PC? 

    Do I need to specify something specific in my Wireless Network group policy perhaps? I'm kind of stuck.

     

    Thanks for any advice.



  • 2.  RE: Machine Authentications not passing username

    EMPLOYEE
    Posted Aug 15, 2019 06:21 PM

    Those devices might have been configured in the Wireless Policy to send only the machine authentication, so it would only show as host/<machine name>. You would have to change the supplicant to send computer and username.



  • 3.  RE: Machine Authentications not passing username

    Posted Aug 15, 2019 06:43 PM

    Do you happen to know what setting that would be? I feel like I've tried every combination at this point. Here is what my current policy states:

     

    Use Windows wireless LAN network services for clients -Enabled
    Shared user credentials for network authentication - Enabled
    Hosted networks - Enabled
    Allow user to view denied networks - Enabled
    Allow everyone to create all user profiles - Enabled
    Only use Group Policy profiles for allowed networks - Disabled


    Prevent connection to infrastructure networks - Disabled
    Prevent connection to adhoc networks - Disabled

    Preferred Network Profiles

    Profile Name: corp_wifi
    Network Type: Infrastructure
    Automatically connect to this network - Enabled
    Automatically switch to a more preferred network - Disabled

    Authentication WPA2
    Encryption AES
    Use 802.1X Enabled
    Pairwise Master Key (PMK) Caching Enabled
    PMK Time-to-Live (minutes) 720
    Number of Entries in PMK Cache 128
    Maximum Pre-authentication Failures 3


    Cache user information for subsequent connections to this network Disabled
    Computer Authentication - Computer only
    Maximum Authentication - Failures 3

    Authentication method Protected EAP (PEAP)
    Validate server certificate Disabled
    Enable fast reconnect Enabled
    Disconnect if server does not present cryptobinding TLV Disabled
    Enforce network access protection Disabled

    Authentication method Secured password (EAP-MSCHAP v2)
    Automatically use my Windows logon name and password(and domain if any) Enabled
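
An added example, not part of any post in this thread: one way to confirm what a lab PC actually received is to export the profile on the client (`netsh wlan export profile name="corp_wifi"`) and read the 802.1X `authMode` from the XML, which is the setting the GPO editor shows as "Computer only". The sample profile below is constructed and trimmed, and the function names and the report layout are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of an exported WLAN profile for a policy like
# the one posted above (not taken from the thread).
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>corp_wifi</name>
  <MSM><security>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machine</authMode>
      <EAPConfig><PeapExtensions>
        <PerformServerValidation>false</PerformServerValidation>
      </PeapExtensions></EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>"""

# Identity the controller / RADIUS server sees for each OneX authMode value.
IDENTITY_BY_MODE = {
    "machine": "always host/<computer name> (GPO: Computer only)",
    "user": "the logged-on user; no connection before logon",
    "machineOrUser": "host/<computer name> until logon, then the user",
    "guest": "no credentials (guest)",
}

def _find_text(root, local_name):
    """Text of the first element with this local name, in any namespace."""
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == local_name:
            return (elem.text or "").strip()
    return None

def audit_profile(xml_text):
    """Report the authentication mode of an exported profile and flag issues."""
    root = ET.fromstring(xml_text)
    mode = _find_text(root, "authMode")
    findings = []
    if mode == "machine":
        findings.append("authMode=machine: the user name is never sent")
    if _find_text(root, "PerformServerValidation") == "false":
        findings.append("PEAP server certificate validation is off")
    return {"profile": _find_text(root, "name"), "authMode": mode,
            "identity_seen": IDENTITY_BY_MODE.get(mode, "unknown"),
            "findings": findings}

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```
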



  • 4.  RE: Machine Authentications not passing username

    EMPLOYEE
    Posted Aug 15, 2019 07:07 PM

    @zshore wrote:

    Do you happen to know what setting that would be? I feel like I've tried every combination at this point. Here is what my current policy states:

     

    Use Windows wireless LAN network services for clients -Enabled
    Shared user credentials for network authentication - Enabled
    Hosted networks - Enabled
    Allow user to view denied networks - Enabled
    Allow everyone to create all user profiles - Enabled
    Only use Group Policy profiles for allowed networks - Disabled


    Prevent connection to infrastructure networks - Disabled
    Prevent connection to adhoc networks - Disabled

    Preferred Network Profiles

    Profile Name: corp_wifi
    Network Type: Infrastructure
    Automatically connect to this network - Enabled
    Automatically switch to a more preferred network - Disabled

    Authentication WPA2
    Encryption AES
    Use 802.1X Enabled
    Pairwise Master Key (PMK) Caching Enabled
    PMK Time-to-Live (minutes) 720
    Number of Entries in PMK Cache 128
    Maximum Pre-authentication Failures 3


    Cache user information for subsequent connections to this network Disabled
    Computer Authentication - Computer only
    Maximum Authentication - Failures 3

    Authentication method Protected EAP (PEAP)
    Validate server certificate Disabled
    Enable fast reconnect Enabled
    Disconnect if server does not present cryptobinding TLV Disabled
    Enforce network access protection Disabled

    Authentication method Secured password (EAP-MSCHAP v2)
    Automatically use my Windows logon name and password(and domain if any) Enabled