Mab Authentication

MAB authentication from sleeping docked HP laptops Hello all! I'm investigating on an issue we are facing in my company, where we have laptops intermittently failing their Dot1x authentication, and failover to MAC (that's the normal behaviour based on our Cisco switches access interfaces + ISE configuration). O Solution: MAC Authentication Bypass (MAB) o (Seriously, who puts ypass in the name of a seurity feature???) o MA uses the devies MA address to validate its identity o The authenticator first tries to authenticate the new device by sending EAP Request-Identity messages.

Mab authentication diagram

Mab Authentication Diagram

I'm not sure the macs would play nice with group policy the way you'd like. At my old company we had regular employees and execs using Windows and the graphic artists using macs. We ended up just biting the bullet and having them on a separate mac server and giving them AD creds just to get the network resources they needed.

What Is Mab Authentication

That was when we were using 2008 R2 as a primary domain controller, you might research Server 2012 and see if they have made improvements but in our case it just made more sense to segregate the Mac users.

Mab Authentication Open

Here is a pretty good guide on joining Macs to AD:

Mab Authentication Troubleshooting

http://blog.pluralsight.com/join-mac-to-windows-domain