I'm having a logical misunderstanding about NPS, EAP-TLS and certificates. Maybe you can help me out with this.
In my environment I have AD, NPS, CA and network devices. I'm successfully using a Wi-Fi EAP-TLS policy and my Ethernet policies are working as well. I have two policies for Ethernet and for Wi-Fi:
1. Computer policy: Conditions are Client Friendly Name (Switches), NAS Port Type (Ethernet), Domain Computer Group
2. User policy: Conditions are Client Friendly Name (Switches), NAS Port Type (Ethernet), Domain Users Group
When I turn on the computer it gets access to the network (if it has a certificate and the machine is a domain computer). When I log in with a user who has a certificate and who is a domain user, everything still works. So the policies are working! If the user doesn't have a certificate then the connection is disconnected.
The problem is that when I have a new user logging on to the machine, they don't have a certificate, and authentication will fail! Is there a way to allow the user to request a certificate and then try to authenticate? The GPO policy "enroll automatically" is turned on but it will not work because the user logon is using a TEMP account and the certificate is not enrolled! So new users can't access the network to download their profile if I don't put the certificate there myself.
The second question is about PXE and computer certificates. Is there a way to use SCCM/PXE for OSD?
Any help would be appreciated!
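A small diagnostic for the first-logon situation described above, added here as an example and not part of the original post: it checks whether the logged-on user already holds a certificate that NPS could accept for EAP-TLS (private key present, unexpired, Client Authentication EKU, issued by the enterprise CA) and, if not, asks the autoenrollment engine to retry. The CA name `CORP-ISSUING-CA` is a placeholder; the EKU OID is the standard Client Authentication OID.

```powershell
# Added example (not from the original post): report whether the current user has an
# EAP-TLS-usable certificate and, if not, trigger an autoenrollment retry.
# Assumptions: placeholder issuing CA name, standard Client Authentication EKU OID.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'
$IssuingCaName = 'CORP-ISSUING-CA'   # placeholder; use the enterprise CA's CN

function Get-EapTlsUserCertificate {
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $ClientAuthOid }) -and
            $_.Issuer -like "CN=$IssuingCaName*"
        }
}

$certs = @(Get-EapTlsUserCertificate)
if ($certs.Count -gt 0) {
    foreach ($c in $certs) {
        # Verify() builds and validates the chain, so a cert that chains to an
        # untrusted or unreachable CA is reported rather than silently accepted
        $chainOk = $c.Verify()
        Write-Output ("Usable: {0}  expires {1}  chain valid: {2}" -f $c.Subject, $c.NotAfter, $chainOk)
    }
} else {
    Write-Output 'No EAP-TLS user certificate found; triggering autoenrollment retry'
    # Same trigger the scheduled autoenrollment task uses. It only succeeds if the CA
    # is reachable, i.e. the computer-authenticated switch session is still up.
    certutil.exe -pulse | Out-Null
    Start-Sleep -Seconds 15
    $after = @(Get-EapTlsUserCertificate)
    Write-Output ("Certificates after autoenrollment: {0}" -f $after.Count)
}
```

If the port has already been moved to the user policy and the user has no certificate, the CA is unreachable and the pulse will fail, which is exactly the chicken-and-egg situation the post describes.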