Solved: Re: MacOS PEAP-MSCHAPv2 computer authentication

vsurresh · ‎05-17-2021

Hello.

I know there's been plenty of topics regarding Windows based 802.1X computer authentication but none of them seem to provide an explanation for MacOS.

I'm familiar with how 'user authentication' works on MacOS but struggling to understand the 'computer authentication' The requirement is to ONLY use 'computer authentication' with 802.1X so, if a user has a company issued/domain joined MacBook the access should be granted.

With PEAP-MSCHAPv2 which computer credentials are exchanged between the client and ISE? The username would be the computer name (which exists in AD) but what about the password? My understanding is that PEAP requires username AND a password.

At the moment the authentication works as expected but I'm struggling to understand the password MacBook sends out to ISE.

Example: If the name of the computer is domain\EX1234 then ISE log shows this as the 'username'

Windows-10 - I understand that when a Windows based computer joins AD, a password is automatically created and being used with PEAP.

Thank you.

vsurresh · ‎05-18-2021

Never mind, I managed to figure out. I can see the password is saved in Active Directory. It seems MacOS behaves the same way as Windows.

View solution in original post

vsurresh · ‎05-18-2021

Never mind, I managed to figure out. I can see the password is saved in Active Directory. It seems MacOS behaves the same way as Windows.