I'm using NPS on Server 2008 R2.
Setting up network policies for wireless connection using peap-mschapv2.
I want to authenticate via Machine for wireless connections but if that fails I'd like it to authenticate via User.
If I use a separate network policy with it's own conditions for each, (Machine Policy order first), and if the machine password expires authentication will not succeed. According to this article http://support.microsoft.com/kb/904943/en-us
If I have another policy for User authentication it should workaround that.. but it seems to be not doing that. It looks as though the first policy matches first and doesn't try the second policy (user auth).
My question I guess is that can I combine both policy but include in the conditions Windows Groups\Domain Computers (for machine authentication) and Windows Group\Wireless Users (for user auth). If I do that, does that mean both conditions have to be meet rather than an OR condition?
Or what would be the best way to tackle the workaround in the article besides using Eap-tls