09-22-2015 04:13 AM
I've got a simple clearpass service that allows a client to authenticate using eap-peap against our AD system. Simple thing and it just works. I now want to also allow eap-tls authentication on the same ssid.
I can't just add the eap tls with ocsp authentication method to my working service so I need to create another service only for eap-tls.
On my dev server I've set up the following service configured with only the eap-tls method. A clearpass generated client cert then allows an android device to connect to SSID alexs-test. Looking at the summary, it says authentication method EAP-TLS
Here is the successful auth.
Given that the Authentication method says it's EAP-TLS, I then added an extra line to this service selection criteria to try and only select eap-tls authentications.
but the service doesn't get selected. How can I only select this service for eap-tls requests?
09-22-2015 04:19 AM
You need to use the same service as EAP-PEAP and add EAP-TLS to the authentication tab and service it from there.
Aruba Customer Engineering
09-22-2015 07:03 AM
Tried that initially and it failed, hence the question about having a second service. However, fixed it as my local copy of the eap-tls method had authorization required enabled which meant the clearpass was trying to query AD, which failed.
Here's the authorization section of my service
And this is the Auth method that works
So I've got 1 service which auths peap and tls, which is what I wanted in the first place!