With Machine+User auth on WLAN there is a chicken and egg scenerio, where if a user hasn't connected to the domain on a device, then their user cert won't exist on the device yet, so they can't connect. They need to sign in to get the cert. I've done looking around and haven't seen any solid workaround outside of different authentication methods, but I had an idea I wanted some feedback on.
Is there a way to do Machine + user auth, but if the user Auth fails, allow limited access with machine auth so that the user certificate can be generated. The certificate is generated almsot instantly, so we can do a re-auth after a short time period (5s), with machine and user auth again.
I'm not sure if this is possible to set up, so I'm hoping to spitball ideas, and hear waht others have done for this situation.