MAC Bound to AD Corporate Authentication

Vasimm
New Contributor

We seek help from you.

Environment background
Corporate network access is managed via Cisco ISE. It validates two fronts: Machine Authentication and User Authentication.
For Machine Authentication it validates the machine certificate and whether the machine is domain joined.
Once Machine Authentication passes it provides network connectivity; only when User Authentication is successful does it provide full network access.

After long trial and error, we were able to find the right network payload that can cater to this.

Issue
As the machine is joined to the AD domain, we have a Mac mobile account set up for the user. At the login screen, the Wi-Fi is connected to the network with the machine authentication criteria above.
Test 1
We can see the mobile login accounts, and we can see Others on the screen.
As we click on the mobile login name and type the password, it logs in to the desktop but does not pass the credential to ISE to give full network access.
We don't see any communication with ISE here.
Log out to the login window.
Test 2
Click on Others.

You can see the corporate Wi-Fi is connected with machine authentication.
Type the user name and password; it is passed to ISE and gets full network access.
In this case, the Mac does not get to the desktop screen;
it stays stuck.

Now if you go back and log in with the mobile account, it works fine as it already has the network.

Once I left it stuck overnight with the Others login and connected again in the morning, it got through.

Vasimm
New Contributor

Mates, I hope someone would have gone through this.