With ACS 4.1 in an AD environment I can configure Machine Authentication with Access Restrictions - i.e. don't allow the user to authenticate unless the machine has authenticated first. This is a nice feature as it ensures a user cannot log on wirelessly without the machine they are attempting to log on from being validated first.
Is there any way you can achieve the same logic using IAS? I have MAC Authentication working through IAS so this gives a little more security but is still easily hackable.
I was hoping there would be some logical way of doing this without mandatory profiles etc. or enforcing machine-only authentication. At the moment a user can use their own wireless PC and as long as they have valid credentials (PEAP MS-CHAPv2 or EAP-TLS and a certificate, depending on what is configured on IAS) they can associate with the wireless network.