Hi everyone,
Hope it is fine to bring up this topic again instead of creating a new one.
Part of a customer Clearpass pilot deployment, I am currently meeting very similar behavior as initial issue raised by Liam_R. However there are few differences with the environment :
- It is wired and not wireless 802.1x authentication.
- NADs are Procurve Switches working along with RADIUS server of ClearPass 6.6.0 communicating with AD. So it is 802.1x port-based access control where ACLs are pushed from Clearpass to switches per port.
- Rest is the same: User and Machine Auth are perform, 2 vLANS (1 restricted if Mach auth only succeeded, 1 allow if User and Mach auth both succeeded).
Just like Liam_R, GPOs aren't properly processed at login and particularly the ones involving network drive mapping.
Good part is that after Herman Robers suggestion regarding the SSO feature, it partially fixed the issue. GPOs were correctly processed and network drive correctly mapped. However this works only in a logoff/login scenario, in a restart/start scenario it doesn't (same initial result with no GPO processed).
Thinking that it could be because network didn't have time to properly start, I tried to enable the option "Always wait for the network at computer startup and logon" and increase the "Startup Policy Processing Wait Time" 60 seconds. Unfortunately nothing changed.
Based on previous posts, I understood that Machine and User should be in the same vLAN but in this case it is not an option for this customer deployment. Moreover the fact it is working in logoff/login scenario and not in start/reboot scenario makes me conclude that switching vLANs between user and computer do not always break the GPO processing, am I right ?
I'm quite new with Aruba and 802.1x auth and even more when it comes to Windows 7 client. Do some of you have maybe more experience with GPOs and have a small hint on what could be the reason of this behavior ?
Please let me know if you need additonal information.
Thank you for your consideration !
Simon