03-20-2017 09:01 AM
Just wanted to check if there is a way to authenticate Mac IOS X - machine authentication and User authentication against our ISE? If it is not supported, is there any alternative way?
Solved! Go to Solution.
03-28-2017 01:42 PM
In general Mac OS will use System Profile or User Profile, but not both. Even if mixed System with Login, it would still be treated as separate authentications, so may be able to support MAR with its known limitations. Unless Apple adopts TEAP (RFC 7170), then you will not have a truly combined Machine+User auth based on 802.1X.
The CiscoLive session does discuss other ways to marry machine "identity" with user identity. Options include:
/Craig
03-20-2017 12:17 PM
Although title and abstract do not match, this topic is covered in this session from Melbourne:
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94624&backBtn=true
03-28-2017 01:42 PM
In general Mac OS will use System Profile or User Profile, but not both. Even if mixed System with Login, it would still be treated as separate authentications, so may be able to support MAR with its known limitations. Unless Apple adopts TEAP (RFC 7170), then you will not have a truly combined Machine+User auth based on 802.1X.
The CiscoLive session does discuss other ways to marry machine "identity" with user identity. Options include:
/Craig
02-06-2019 08:24 AM
Hi Craig,
I know this is a rather old post but, do you have the number of the session to search it on cisco live library?
Thanks!
James
02-25-2020 11:18 AM
Could you please re-upload the video in question? I get a 404 error when I hit the page.
03-21-2017 12:21 AM
Apple describes this in one of their own Guides.
macOS knows 3 Authentication modes.
System Mode = Machine Authentication
Login Window Mode = User Authentication taken from the login screen
User Mode = user Authentication like iOS
as described in the document you can mix System Mode with Login Window Mode. But i've never configured it since the Login Window Mode needs an Authentication of a User against LDAP or Active Directory.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: