OK I have seen more than a few questions out there with WIFI credential authentication methods and things people are doing but of course my challenge is unique (to me). I along with everyone else want to omit non domain computers from my organization's wireless. I have been playing with the EAP-TLS methods as well as the MAR setting. Right now I am successful at authenticating username passowrd + user certificate for authorization to my wireless lans. I also can set a group up and authenticate successfully with a machine cert using MAR and forcing the windows supplicant to auth the machine against my wifi. I cannot though combine the two. I actually dont know if it is even possible so thats why I am here posting this question.
Question: Is there a way I can use both peap for username password AND MAR eap+tls for authenticating my clients to our wifi? If so the benefit would be my users would not have to download a user cert and the built in domain cert could be checked against for the machine authentication.
When selecting the "user or computer authentication" it seems the windows supplicant is only passing the user authentication and not the machine.
Is there a solution for windows clients in order to authenticate with username password then also check the machine as well?
Thanks for any feedback you can provide,