I have an issue when doing Windows EAP-TLS on wired auth (Windows 10, OS-CX and CPPM). The environment does NOT use the email as username, which is different from most set-ups. Usernames are a 6-digit ID.
The PC has Group Policy and a user cert, but when it authenticates it uses the email address as username, resulting in user not found.
I have 2 options, I think:
A: It's the PC that determines what's sent in the EAP packet, and therefore it must be changed on the PC. It can't be influenced by the switch or CPPM.
or
B: Is there an option for ClearPass to look at the CN = XXX of the user?
The cert on the machine is in the username,