ryh
Contributor II

Machine TLS and User PEAP

I am looking at using machine certs that are already deployed in an environment, for machine authentication.  Users do not have certs, just computers, and so we were wanting to have users authenticate with their AD U+P credentials.

 

The machine-auth role is only for basic access on the corporate network.  User credentials should give them their more full user role: e.g. IT Admins get FTP and SSH while Sales doesn't.

 

When the wireless profile is pushed down from GPO, it is selecting to use the user cert.  Is there a way to do what I am looking for, or a recommendation for how to deploy in this environment?

 

 

Guru Elite

Re: Machine TLS and User PEAP

No, the Windows supplicant does not allow mixed EAP methods.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
ryh
Contributor II

Re: Machine TLS and User PEAP

Then, would the recommendation be to utilize computer certificates and make permissions based on machine OU, or use EAP-PEAP AD credentials? Or would it be better to convince the IT department to issue user certificates to individuals and go with pure EAP-TLS?

Guru Elite

Re: Machine TLS and User PEAP

If you want to grant permission based on the computer's OU, EAP-TLS with a machine credential is all that would be required.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
