The main difference is that machine authentication uses the machine
object in Active Directory to query against and User authentication uses
the user object.
Now
think about when the machine boots up. If you use user authentication,
then the user doesn't connect to the wireless until after you enter in
the user name and password to log into the machines. Well, computer
based policies usually download at boot up, before the user logs in. So
if user authentication is used, the machine doesn't connect to the
wireless at boot up and cannot download computer policies.
The only difference between the 2 really is what account the supplicant is using to authenticate with. In a Windows AD environment, you have a computer account and a user account. As the windows machine boots up, the computer account is used to authenticate to the Wireless using your windows supplicant. Once connected to the Wireless the computer account is used to log into AD and downloads any machine policies that may be assgined to that computer or various groups it may belong to.
Then
the user login screen appears on the windows device. Up to this stage,
the machine account has been used to attach to the wireless and connect
to AD for machine specific policies.
The only difference between the 2 really is what account the supplicant is using to authenticate with. In a Windows AD environment, you have a computer account and a user account. As the windows machine boots up, the computer account is used to authenticate to the Wireless using your windows supplicant. Once connected to the Wireless the computer account is used to log into AD and downloads any machine policies that may be assgined to that computer or various groups it may belong to.