Can I use SBR for double authentication ? first autentication with user and password and second autentication witn machine certificate.
Your requirement can be achived using SBR where you can integarate AD/LDAP server with SBR for both username /pwd & machine certificate autthentication
If these are separate authentication requests, you can authenticate the user with Username/Password and use EAP-TLS for machine authentication with the certificate.
What method are you going to use for the user?
This does depend on how the device will work, but as long as it can trigger a machine auth after the User auth I don't see a problem.
As far as I can see, it depends on the capability of the supplicant software as well.If you want to use machine credentials or windows credentials you will need to use SBR with AD.But if you can configure machine authentication using machine certificate and similarly user authentication with non windows credentials you may not necessarily need to use AD/LDAP in SBR.
Hope that helps