I have a client who uses "roaming profiles" for his staff. When the staff connect to the wireless using 802.1x authentication they are getting a temp profile instead of their server driven roming profile. They are using Windows NPS to do the 802.1x auth. I know that Machine Level authentication is the ticket so I called into Aruba TAC to help make sure I get this setup correctly. They helped a bit but could not get the NPS server to stop rejecting the Machine Auth. I have posted the notes from the case below.
- Issue was setting up machine auth, but not getting roaming profile.
- User was falling in guest role which is the machine auth user-default role
- Changed the user-default-role to guest-logon role in machine authentication
- The user came in guest-logon role. So the machine auth is failing.
- Enabled logging for the particular client.
- Now checked the auth-tracebuff and saw machine auth response as failed from the server
- Informed that we need to verify configurations on the nps server side
We are getting "Machine Auth Status" as FAILED but "User Auth Status" as Passed
"Unfortunately I was not able to find any specific document for configuration on the NPS side for machine auth policy configuration. But In the above tabular column, our scenario is the second one, we need to verify why the machine auth is failing. Kindly verify with the server team on validating the configurations on the machine auth policy."
Does anyone have a direction to point me in here to make sure I have the NPS server setup properly to do both the Machine Auth and the User Auth.