Our wireless network consists of a 3200 controller and AP105s. We are using EAP-TLS through Windows 2008 NPS. Our authentication works fine. What we are seeing is that the logon script does not run every time. Trying to isolate the issue has been a lesson in frustration. I've tried resolving the issue through "Wait for network" and several other suggestions to no avail. I don't believe the issue to be a result of the Aruba configurations, but was curious just what the Internal database entries are for, i.e. the entries that are auto-created at logon. I assume that it is a caching of some sort to speed up login? I am not using the Internal Database for my authentication directly. I also can't seem to find any information on the use of the Internal database other than configuring it for direct authentication on the controller. Could someone explain it or point me in the right direction? Thanks.
Are you using machine or user certificates?
Yes, both.
Got it.
It was the default machine "Machine Authentication: Default Machine Role". I had it too restrictive. I wasn't getting the policy unless it is set to "Authenticated". I believe that setting should be fine. The machine auth default user role is set to "logon" and it works fine. Does anyone see any issues with that configuration? I suppose I could create a more restricted but functional role, but a machine cannot connect without a machine cert.
Machine auth role should be set to allowall. At that time, nobody can get into the machine unless they authenticate, so there is no vulnerability. It is the equivalent of having a PC plugged in wired at the ctrl-alt-delete screen.
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.