Security

Reply
Contributor I
Posts: 103
Registered: ‎12-26-2014

Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

I want to use AD as MAC Authentication server for Guest users how can I  do so??

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

This will not scale well. You will need to make AD accounts for every MAC address and also stand up an NPS server.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 103
Registered: ‎12-26-2014

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So you mean like adding computers in specific OU?

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

No, you literally need to make user accounts for every device with the mac address as the username and password.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 103
Registered: ‎12-26-2014

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

you really helps alot thank you

Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So I don't mean to hijack this thread, but I wanted some clarification.  Setting an AD user object with the mac address as both the username and the password is a pretty large security hole, don't you think?  That would mean that someone would only need to know a single mac address and they'll be able to log in to any service that relies on AD for authentication.  

 

Is there a more secure way to implement this, or perhaps a mitigation technique to limit these 'users' exposure?

 

Thanks.

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

This is by no means a good practice but is something to help those who don't have ClearPass achieve basic MAC-authentication.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

So then those of us without clearpass interested in mac auth + PEAP auth on the same SSID can use FreeRADIUS rather than MS NPS?

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

MAC address is used for authorization after authentication and is not recommended as a security method.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Re: Can I use MAC Authentication using Aruba controller and Active Directory as RADIUS?

[ Edited ]

Methods for authentication are limited by what a client supports.  Whether or not it is 'best practice' is something that should be directed at the wireless sensor/embedded device maker.  We're just here trying to make things work.

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: