Solved: Re: How do I require client and machine Cert when using EAP-TLS on wireless?

paulle · ‎11-05-2019

I have the same policy in ISE being used for both wired and wireless authorization. In the wired auths I see both user and computer certificates but on the wireless side I only ever see computer certs being used. How do I change this behavior so that it matches the wired ?

Colby LeMaire · ‎11-05-2019

If the computers are only sending computer certificates on Wireless, that is a supplicant configuration issue. You can create a Wireless GPO to push out the correct supplicant settings. If using the built-in Microsoft supplicant, there is an option to do "Machine or User Authentication". It is probably configured to do "Machine Authentication Only".

View solution in original post

Colby LeMaire · ‎11-05-2019

If the computers are only sending computer certificates on Wireless, that is a supplicant configuration issue. You can create a Wireless GPO to push out the correct supplicant settings. If using the built-in Microsoft supplicant, there is an option to do "Machine or User Authentication". It is probably configured to do "Machine Authentication Only".

hslai · ‎11-08-2019

Like Colby.LeMaire said, this depends on the supplicants. Even with Windows native supplicants, the auth mode is configured for individual wireless networks and wired connections.