Solved: Machine + User authentication in Mac OS

sameesin · ‎07-02-2018

Hi All,

I have a query regarding Machine + User Authentication in Mac OS.

Does both machine and User authentication work when I have both the machine and the user credentials in the AD. (Not certificate based, but the machine is part of the domain)

I have come across articles stating System and Login Window mode can actually work together but did not find any configuration guide to support this.

Any leads will be helpful.

Dustin Anderson · ‎07-02-2018

This was from last year, but it looks like there is no way to get both credentials at once as Apple doesn't support the dual credentials.

https://communities.cisco.com/message/249489

View solution in original post

Dustin Anderson · ‎07-02-2018

This was from last year, but it looks like there is no way to get both credentials at once as Apple doesn't support the dual credentials.

https://communities.cisco.com/message/249489

sameesin · ‎07-02-2018

Thanks for your input.
By at once, you mean like eap-chaining or for Apple devices, we can either do machine authentication or user authentication. I was wondering if we can use MAR if both are supported even if not as eap-chaining.

Dustin Anderson · ‎07-02-2018

Yes, it sounded like you can sue MAR to get the machine credential.

I use MAR in out setup, but don't have Macs, but should be the same.

The caveats I run into is people being docked, log in, then go wireless. Since the MAC changes, the system may not have the wireless MAC stored. I have our MAR database set to 30 days and this has kept this issue to a minimum.

It's a trade off, we originally did EAP-Chaining, but the AnyConnect NAM was too intrusive and windows made you uninstall it whenever there big updates went live.