Security

Reply
Contributor I

Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

I want to use AD as MAC Authentication server for Guest users how can I  do so??

Guru Elite

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

This will not scale well. You will need to make AD accounts for every MAC address and also stand up an NPS server.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So you mean like adding computers in specific OU?

Guru Elite

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

No, you literally need to make user accounts for every device with the mac address as the username and password.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

you really helps alot thank you

Occasional Contributor II

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So I don't mean to hijack this thread, but I wanted some clarification.  Setting an AD user object with the mac address as both the username and the password is a pretty large security hole, don't you think?  That would mean that someone would only need to know a single mac address and they'll be able to log in to any service that relies on AD for authentication.  

 

Is there a more secure way to implement this, or perhaps a mitigation technique to limit these 'users' exposure?

 

Thanks.

Guru Elite

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

This is by no means a good practice but is something to help those who don't have ClearPass achieve basic MAC-authentication.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So then those of us without clearpass interested in mac auth + PEAP auth on the same SSID can use FreeRADIUS rather than MS NPS?

Guru Elite

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

MAC address is used for authorization after authentication and is not recommended as a security method.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

Methods for authentication are limited by what a client supports.  Whether or not it is 'best practice' is something that should be directed at the wireless sensor/embedded device maker.  We're just here trying to make things work.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: