Frequent Contributor I

domain membership of a machine hitting MAC auth service

There are many Apple macOS machines which don't have the certificate, and dot1x settings are not enabled on them.

Those machines are, however, part of the domain. They are hitting the MAC Auth service.

Can I make a rule in the enforcement policy to check if the machine is part of the domain or not?

How to do it?

Frequent Contributor I

Re: domain membership of a machine hitting MAC auth service

Any update?

New Contributor

Re: domain membership of a machine hitting MAC auth service

Hello,

I am curious to know more when you say macOS machines are part of the domain. Are they joined to the domain the same way as Windows devices (can they also perform machine auth)?

Machine auth is one clear way to distinguish a user auth vs. a machine performing auth, and we can perform AD authorization to confirm the AD attributes.

Now coming to your question. We need to see what the service conditions are for your MAC-auth service. Can you share that?

Also, could you confirm if the macOS machines are forwarding the user-name as MAC-Address (meaning it's performing a MAC-auth as well)?

So as long as MAC machines send the machine name (just like Windows machines perform machine auth), we could do an enforcement check.

Or we can also check for the MAC's machine attributes in AD to validate (but it all depends on what username is presented by the device).

Frequent Contributor I

Re: domain membership of a machine hitting MAC auth service

macOS machines are currently doing MAC Authentication and sending the MAC address as username.

Authentication is to allow ALL MAC and authorization is Endpoint repository.

So within this MAC Auth Service, is it possible to create an enforcement rule to get the additional check of AD for these macOS machines?

Frequent Contributor I

Re: domain membership of a machine hitting MAC auth service

Waiting for an update?
Moderator

Re: domain membership of a machine hitting MAC auth service

Community is not an immediate support channel. If you need immediate assistance, please open a TAC case or engage your Aruba partner.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.