Security

Reply
Highlighted
Guru Elite

Re: authenticating windows local administrator using clearpass issue?

^^what Tim said.

If that would work, it is possible that you have someone with the local password that can still get on your network, because even if you remove a computer from the domain, the local username and password has to be changed manually.. That is not acceptable from a security standpoint.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: authenticating windows local administrator using clearpass issue?

Hi Tim,

I'm taking the liberty to bring up again this topic. I'm currently facing similar issue than OP, however it is slightly different as customer is also performing Machine Authentication before User Authentication.

Actually the customer purpose is to logon with laptop's Local Admin account (not in AD either in CP Local Repository, resulting with User Auth failure) and keep IP from restricted vLAN assigned after Machine Authentication. In other words we expected the following:

 

[Machine Auth] OK + [User Auth] FAIL = Keep IP from Mach Auth Restricted vLAN

 

I understood well that unchecking "Auto windows credentials for 802.1x" option would make it work (I will test it asap).

But just to give clear explanation to customer and verify that I understood well, it is not possible to get IP from Machine Auth vLAN if User Auth fails afterwards ? In other words the following :

 

[Machine Authenticated] OK + [User Authenticated] FAIL = FAIL (APIPA IP assigned) ? 

 

Thank you.

 

Guru Elite

Re: authenticating windows local administrator using clearpass issue?

Unfortunately no. When set to both computer + user, it switches to user auth
immediately after login.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: