Security

  • 1.  Eap TLS with user certificate

    Posted Jul 26, 2019 05:49 AM
    We have Windows machines that have machine certificates, and they are part of AD. They are hitting the EAP-TLS service and this is working.

    The Apple machines have a user certificate instead of a machine certificate, and the Apple macOS machines are not part of AD.

    Can we still use the same EAP-TLS service for Apple machines that have a user certificate?

    What enforcement rules do we need to make it work?

    Does a user certificate show user authenticated instead of machine authenticated?

    Also, the Apple machines are not joined to AD.


  • 2.  RE: Eap TLS with user certificate

    Posted Jul 26, 2019 07:26 AM

    @cppmadmin wrote:
    We have Windows machines that have machine certificates, and they are part of AD. They are hitting the EAP-TLS service and this is working.

    The Apple machines have a user certificate instead of a machine certificate, and the Apple macOS machines are not part of AD.

    Can we still use the same EAP-TLS service for Apple machines that have a user certificate?
    YES
    What enforcement rules do we need to make it work?
    No specific enforcement policies are necessary.
    Does a user certificate show user authenticated instead of machine authenticated?
    YES
    Also, the Apple machines are not joined to AD.

    It should work if you are not restricting EAP-TLS devices to only machine authenticated devices.


     



  • 3.  RE: Eap TLS with user certificate

    Posted Jul 26, 2019 08:20 AM
    Hi Joseph,

    I have only one rule configured.

    Role equals machine authenticated, and CN name contains arubalabtest (this is my certificate issuer), and then allow access profile.


    And the default is deny.

    So do I have to add another rule with the same condition and put user authenticated instead of machine?





  • 4.  RE: Eap TLS with user certificate

    Posted Jul 26, 2019 08:33 AM

    You could do that, or you could use the machine or user requirement, period, and that should work.



  • 5.  RE: Eap TLS with user certificate

    Posted Jul 26, 2019 09:11 AM
    Hi Joseph,

    Can you provide a rule sample?

    How to use both machine and user authenticated, and how to avoid the AD check only for Macintosh machines?