Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Users can't authenticate on new laptops

This thread has been viewed 11 times

  • 1.  Users can't authenticate on new laptops

    Posted Oct 09, 2020 03:44 PM

    So I recently deployed wired 802.1x on the office and have a current situation with two laptops.

     

    These were  recently purchased for the employees. The laptops and the users are registered on the AD, however the users are not properly authenticating as employees, so therefore they are not being assigned to the correct network segment.

     

    All the other employees are authenticating just fine. We have tested the employee AD accounts that are not authenticating on the new laptops on older laptops and they authenticate with their accounts just fine in the older laptops. The Windows 10 802.1x settings are the same in the new laptops as the older ones. We have also tried other ports with the same result. In Access Tracker on Clear Pass the AD user authentication doesn't even occur, when I verified the logs it says it didn't find the user in the AD.

     

    I have no idea what;s going on, especially since I haven;t found anything off with the AD settings up till know.

     

    Anyone run into a similar situation? Any help would be appreciated, thanks!



  • 2.  RE: Users can't authenticate on new laptops

    Posted Oct 09, 2020 04:00 PM

    Can you try clearing the AD source cache in CPPM and try again ?

     



  • 3.  RE: Users can't authenticate on new laptops

    Posted Oct 12, 2020 10:00 AM

    Cleared the AD and Machine Authenticated cache. Sadly it didn't help at all....



  • 4.  RE: Users can't authenticate on new laptops

    EMPLOYEE
    Posted Oct 12, 2020 10:06 AM

    Do those devices successfully machine authenticate, when they are at the ctrl-alt-delete prompt?



  • 5.  RE: Users can't authenticate on new laptops

    Posted Oct 12, 2020 12:13 PM

    I believe they are:

    dannylirizarry_0-1602518470305.png

    Another co-worker just added his new laptop to the AD with the same results, it is not verifying the user credentials in the AD. It goes straight to verify the laptop and sends it to the guest segment instead of the employee vlan. I have even tried adding the Computers AD directory in Role Mapping, to no avail.

     

    All the tests I ran was in a laptop already in the AD, and it worked just fine. It is only happening on new Windows 10 laptops added to the AD.

     

    This is how a successful accept looks like when it searches for the credentials and succeeds:

    dannylirizarry_1-1602518759134.png

     



  • 6.  RE: Users can't authenticate on new laptops
    Best Answer

    Posted Oct 12, 2020 12:47 PM
    How’s the laptop wireless profile configured ?Under advanced security settings
    To perform computer or user or just computer ?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 7.  RE: Users can't authenticate on new laptops

    Posted Oct 12, 2020 01:53 PM

    Thank you! It looks like some changes were made in the AD and it was set to Machine Authentication only by default on the new laptops, once I set it to User or Machine it works!

     

    dannylirizarry_0-1602524807086.png