I am sure I have had this working but just can't get it to now.
So I have a computer that has a certificate on it with the SAN principal name equal to email@example.com. This is an auto-enrolled cert from my AD.
My authentication profile says:
IF the SSID (Called-Station-ID) contains eduroam and principal name contains @mydomain.com, then use a certificate authentication profile. (See attachment below.)
Then my authorization profile says:
if Active Directory group = "Domain Computers" then allow access.
When my computer tries to join it passes the certificate test, but when it gets to the AD group I get the below.
24433 Looking up machine in Active Directory - FY8FCT1firstname.lastname@example.org
24492 Machine authentication against Active Directory has failed
22059 The advanced option that is configured for process failure is used
22062 The 'Drop' advanced option is configured in case of a failed authentication request
But I know my machine is in AD. What do I need to do to get the PC to use EAP-TLS to authenticate and an AD group to authorize?
On the Admin->Identity Management->External Identity Sources->Active Directory->Advanced Settings tab, do you have the Enable Machine Authentication checkbox selected?
This accepts all requests to one SSID and then, as you can see, if it is EAP-TLS it uses the cert store (see below), otherwise AH.
This just says if AD Group = /user/domainComputer allow full access (simple rule).
Perhaps try using the "Common Name" subject attribute rather than the "Other Name" subject attribute. In the past I've used Common Name for my deployments and it has worked. I also configure it a little differently, by configuring an identity source sequence for AD then local, with the certificate profile selected. Not saying my way is the right way, just saying how I had achieved success in the past.
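The two replies above come down to checking what the client certificate actually carries (Common Name versus the Other Name/UPN in the SAN) and how the computer object looks in AD. The script below is an added diagnostic for the domain-joined Windows client, not something posted in this thread or shipped with ISE. It assumes the domain suffix `mydomain.com` from the question, that the machine certificate lives in the LocalMachine\My store, and that the RSAT ActiveDirectory module is installed for the second part. It prints the Subject (what a Common Name condition reads), the SAN UPN (what a principal name / Other Name condition reads), checks the `@mydomain.com` suffix the way the authentication rule does, and then shows the computer's primary group and memberOf in AD.

```powershell
# Added diagnostic, not part of the original thread. Assumptions (hypothetical):
# domain suffix 'mydomain.com' from the question; run on the domain-joined client
# in an elevated PowerShell; the AD section needs the RSAT ActiveDirectory module.

$domainSuffix = 'mydomain.com'   # assumption: the "@mydomain.com" used in the question's rule
$upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName

# 1. Machine-store certificates usable for EAP-TLS: private key present and
#    Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2') }

if (-not $candidates) { Write-Host 'No client-auth certificate with a private key in Cert:\LocalMachine\My' }

foreach ($cert in $candidates) {
    Write-Host "Thumbprint : $($cert.Thumbprint)"
    Write-Host "Subject    : $($cert.Subject)"      # what a 'Common Name' subject attribute reads
    Write-Host "Issuer     : $($cert.Issuer)"
    Write-Host "Not after  : $($cert.NotAfter)"

    # Subject Alternative Name: the 'Other Name' UPN is what a principal-name condition evaluates.
    $upn = $cert.GetNameInfo($upnType, $false)
    Write-Host "SAN UPN    : $upn"
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { Write-Host "SAN (raw)  : $($san.Format($true))" }

    # Mirror the question's authentication condition: principal name contains '@mydomain.com'.
    if ($upn -and $upn.ToLower().Contains("@$domainSuffix")) {
        Write-Host "  -> principal name matches '@$domainSuffix'"
    } else {
        Write-Host "  -> principal name does NOT contain '@$domainSuffix'; a principal-name rule would not match"
    }
    Write-Host ''
}

# 2. How the computer object looks in AD. 'Domain Computers' is the default primary group
#    of a computer object, so it shows up in PrimaryGroup, not in MemberOf.
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties MemberOf, PrimaryGroup, DNSHostName
Write-Host "sAMAccountName : $($computer.SamAccountName)"   # machine accounts end in '$'
Write-Host "DNSHostName    : $($computer.DNSHostName)"
Write-Host "Primary group  : $($computer.PrimaryGroup)"
Write-Host 'memberOf       :'
$computer.MemberOf | ForEach-Object { Write-Host "  $_" }
```

Compare the printed Subject and SAN UPN with the attribute the certificate authentication profile is configured to use: if the rule is built on Other Name but the auto-enrolled template only populates the CN (or the UPN carries a different suffix), the identity ISE extracts will not be the one the AD lookup expects. The primary-group note matters when reading the AD output: an empty memberOf does not mean the machine is outside Domain Computers.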