I want to be able to ensure that all computers connecting to a specific SSID and are actually domain computers. Currently I have 802.1x machine authentication and EAP-FAST configured. EAP-FAST configuration under ACS has âAllow anonymous in-band PAC provisioningâ and âAccept client on authenticated provisioningâ under âAllow authenticated in-band PAC provisioningâ checked off. Users currently get a PAC (self-signed off ACS)
Is there another way to verify domain assets besides a Certificate Services PKI?