Simultaneous machine & user auth is not possible; one or the other is supported
if you do machine auth against one realm and then user auth against another realm, with a source IP restriction for the internal network, it may work; but because the user auth disconnects the machine auth, I am not sure if that will work