@cjoseph wrote:
... When it is successful, it sets the [Machine Authenticated] role for that device. If a user or machine successfully authenticates for the same device, the cache is reset for 24 hours by default....
This is pretty much working.
The comment about the cache.
The way to fill the [Machine Authenticated] internal role is to fire a bootup or restart while the wireless NIC is firing on the SSID, with the 'give me EAP creds' popup.
User auths are implicitly firing all the time in a customer 'business as usual' scenario.
But I worry machine auths hitting wireless cannot be so frequent. I.e. if someone works from cable for a long period of time, they will never get a machine auth against wireless SSID.
I can think of scenarios where machine auths will never hit wireless SSID (i.e. shutdowns/restarts/bootups can eventuate on cable, and then the user swaps/activity based works off docking station, or whatever, on the fly, and hits the SSID then). And I worry about the cache expiring.
This can happen, no?
Remembering user/machine auths are only flowing into ClearPass over wireless....
Can a user auth success hit also refresh the cache of a machine auth?
And vice versa? Off the same endpoint/MAC address?