Controllerless Networks

Aruba Employee

Aruba Instant authentication using Certificates and LDAP

Hi,

I have a customer who has 10 205 APs working as Instant, with one operating as Master and the others connected to it. They want to have the following setup:

- User laptops should connect to the corporate SSID and authenticate using a certificate installed on the laptop, and then use the LDAP (Microsoft Active Directory) credentials.

They want to have both together, so as to avoid any third-party laptops connecting to this SSID by just using the LDAP credentials of a user.

I have connected the AP with the LDAP server and LDAP authentication works just fine. My question is, is it possible to have an issued certificate installed on the laptop, have the laptop use this certificate to authenticate, and then prompt for username and password, requiring the domain credentials?

Thank you.

Agelos

Guru Elite

Re: Aruba Instant authentication using Certificates and LDAP

You need a radius server that supports EAP-TLS for that.



Colin Joseph
Aruba Customer Engineering


Aruba Employee

Re: Aruba Instant authentication using Certificates and LDAP

Hi Colin,

Thanks for your quick response.

I have a RADIUS server which supports EAP-TLS. The problem is that I'm confused on how to set this up. I have created an SSID with the security level set to Enterprise. The Key Management is set to WPA2-Enterprise, the Termination is enabled and the Authentication server is pointing to the LDAP server. What I understand is that the Authentication server should point to the RADIUS server, and then the RADIUS server asks LDAP to authenticate the user using the domain credentials. Is this right? If this is the case, how will I force a wireless user to have a specific certificate installed before performing the LDAP authentication? Or is this done by the RADIUS server?

Sorry for all these questions. I just have to understand prior to moving on with the certificates. It would be great if you could state some points or a step-by-step process to follow.

Thanks again for your effort on this.

Agelos

Guru Elite

Re: Aruba Instant authentication using Certificates and LDAP

The client needs to be configured to use a specific client certificate. The RADIUS server will have a policy that allows certificates issued from specific CAs to authenticate.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
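
The CA-based policy described in the reply above, as an added example that is not part of the original thread: it uses the `openssl` command line to show why a certificate with the same subject name is rejected when a different CA issued it. The CA names, file names and `laptop01` subject are constructed for the demo; a real RADIUS server makes this chain check inside the EAP-TLS handshake, which also proves the client holds the private key.

```shell
#!/usr/bin/env bash
# Constructed demo material: two throwaway CAs and two client certs in a temp dir.
set -u
WORK=$(mktemp -d)

# make_ca <name>: self-signed CA, written to $WORK/<name>.key and $WORK/<name>.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client <ca-name> <out-name> <cn>: client cert signed by the named CA
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# cert_allowed <trusted-ca.pem> <client.pem>: succeeds only if the client cert
# chains to the trusted CA (the "issued by a specific CA" policy check)
cert_allowed() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# decision <trusted-ca.pem> <client.pem>: print the policy outcome
decision() {
  if cert_allowed "$1" "$2"; then echo "Access-Accept"; else echo "Access-Reject"; fi
}

make_ca corp-ca                           # stands in for the company's issuing CA
make_ca other-ca                          # any CA the policy does not trust
issue_client corp-ca  managed laptop01    # domain laptop enrolled by the corporate CA
issue_client other-ca foreign laptop01    # same subject name, different issuer

echo "managed laptop: $(decision "$WORK/corp-ca.pem" "$WORK/managed.pem")"
echo "foreign laptop: $(decision "$WORK/corp-ca.pem" "$WORK/foreign.pem")"
```
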

Re: Aruba Instant authentication using Certificates and LDAP

This should get you going on how to use the GPO cert autoenrollment option for Domain (Computers/Users) with ADCS:

http://www.petenetlive.com/KB/Article/0000919

Note: If the customer already has the ADCS function in place, you can ignore some of the initial steps.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA