802.1x Machine and User Authentication

Hello, I am hoping that someone may be able to help me understand 802.1x authentication a bit better, as I feel I am missing something obvious somewhere.

My aim: to 802.1x authenticate machines and users when they connect to our wireless network, to prevent them from being able to enter their AD credentials into iPhones and gain access to the network.

Reading the Aruba OS 3.4.2 manual, it suggests that the above is possible, as do many other forum threads, but try as I might I can't seem to get it to work.

Firstly, perhaps somebody could explain what the "force machine authentication" box in my 802.1x profile means and does. I have assumed that with this enabled, when a connection is made to the Aruba SSID, a request is made to RADIUS to validate the machine before then authenticating the user during logon. I have been able to get an 802.1x machine role when using EAP-TLS and a computer certificate, and an 802.1x user role when using PEAP MSCHAPv2. I just can't seem to get both user and machine validated and be given the correct role.

It is almost as though when my test AD user logs on to the wireless network only one authentication pass is made to the server.

Do I need to enable MAC Authentication as well, or is this solely for checking MAC addresses against a list such as my Internal DB? From what I have read I don't think that this will help me authenticate my machines against an AD group?

We have a Windows 2003 server environment with XP SP2 workstations and use Steel-Belted Radius for our RADIUS server.

If someone has successfully implemented the above and wouldn't mind sharing how they did it, I would be ever so grateful. Many thanks, Andy
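As an added illustration (not code from the poster or from Aruba), the following Python model shows the two-pass behaviour the question describes: a domain-joined workstation passes machine authentication at boot (the Windows supplicant identifies itself as `host/<computer>`), then the user logs on, and only a device that passed both gets the full role, while a phone that presents valid AD user credentials alone lands in a restricted role. The role names, the per-MAC tracking and the exact controller behaviour are assumptions for the sake of the example.

```python
from dataclasses import dataclass, field

# Assumed role names; a real controller's configured roles will differ.
MACHINE_ONLY_ROLE = "machine-only"   # machine passed, no user logon yet
USER_ONLY_ROLE = "user-only"         # user passed on a device with no machine pass (e.g. a phone)
FULL_ROLE = "authenticated"          # both machine and user passed
DENY_ROLE = "logon"                  # nothing passed


@dataclass
class AuthState:
    """Tracks which client MACs have completed machine authentication."""
    machine_ok: set = field(default_factory=set)

    def machine_auth(self, mac: str, identity: str, eap_tls_ok: bool) -> str:
        """Machine pass: Windows sends host/<name> with a computer cert over EAP-TLS."""
        if identity.startswith("host/") and eap_tls_ok:
            self.machine_ok.add(mac)
            return MACHINE_ONLY_ROLE
        return DENY_ROLE

    def user_auth(self, mac: str, identity: str, credentials_ok: bool) -> str:
        """User pass (PEAP-MSCHAPv2). The resulting role depends on whether the
        same device, keyed by MAC here (an assumption), already passed machine auth."""
        if not credentials_ok or identity.startswith("host/"):
            return DENY_ROLE
        return FULL_ROLE if mac in self.machine_ok else USER_ONLY_ROLE


def scenario() -> tuple:
    """Constructed sample: one domain-joined XP workstation and one iPhone using the same AD user."""
    state = AuthState()
    workstation = "00:11:22:33:44:55"   # constructed MAC
    phone = "aa:bb:cc:dd:ee:ff"         # constructed MAC
    # Workstation: machine auth at boot, then the user logs on.
    r_machine = state.machine_auth(workstation, "host/xp-ws01", eap_tls_ok=True)
    r_user_ws = state.user_auth(workstation, "andy", credentials_ok=True)
    # Phone: the same valid AD credentials, but no computer certificate and no machine pass.
    r_user_phone = state.user_auth(phone, "andy", credentials_ok=True)
    return r_machine, r_user_ws, r_user_phone


if __name__ == "__main__":
    print(scenario())
```

Only the workstation ends up in the full role; the phone is held in the restricted user-only role even though its credentials are valid, which is the outcome the question is after.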
