I setting up an WLC with the client using EAP-TLS (machine authentication only). We are using ACS 3.2 which is part of AD. The problem is that the ACS is being used to authorize users for Internet Access also.
So if I enable the Unknown User Policy to AD for EAP-TLS machine authentication, this will break what is being done for Internet Access.
Any ideas that don't include entering every machine and user name in the local database? I was wondering if I could setup a wildcard user of host/* that points to AD.
Is there a way to make this work without configuring the Unknown user policy to point to AD?