07-02-2018 10:15 AM
Hi All,
I have a query regarding Machine + User Authentication in Mac OS.
Does both machine and User authentication work when I have both the machine and the user credentials in the AD. (Not certificate based, but the machine is part of the domain)
I have come across articles stating System and Login Window mode can actually work together but did not find any configuration guide to support this.
Any leads will be helpful.
Solved! Go to Solution.
07-02-2018 10:33 AM
This was from last year, but it looks like there is no way to get both credentials at once as Apple doesn't support the dual credentials.
07-02-2018 10:33 AM
This was from last year, but it looks like there is no way to get both credentials at once as Apple doesn't support the dual credentials.
07-02-2018 10:36 AM
Thanks for your input.
By at once, you mean like eap-chaining or for Apple devices, we can either do machine authentication or user authentication. I was wondering if we can use MAR if both are supported even if not as eap-chaining.
07-02-2018 10:45 AM
Yes, it sounded like you can sue MAR to get the machine credential.
I use MAR in out setup, but don't have Macs, but should be the same.
The caveats I run into is people being docked, log in, then go wireless. Since the MAC changes, the system may not have the wireless MAC stored. I have our MAR database set to 30 days and this has kept this issue to a minimum.
It's a trade off, we originally did EAP-Chaining, but the AnyConnect NAM was too intrusive and windows made you uninstall it whenever there big updates went live.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide