Hi,
I have a fully functional 802.1X using Cisco WLAN with Microsoft NPS. It currently is capable of domain authentication against security groups on AD.
On NPS I have two separate network policies, one for computer and the other for user. This is fine, but the policy works sequentially as an OR statement rather than an AND statement.
So at the moment, a device with a valid user certificate logon can be from an invalid computer. I'm looking to ensure that the user is on a domain computer in the correct security group.
Anyone implemented this in a way that machine authentication is a prerequisite to user authentication?
Regards
Rob
P.S. I have set this up previously with Cisco ACS using the 'Machine Access Restrictions' feature.