08-07-2014 07:41 PM
Now our organization demands that Mac OS X and Linux laptop users can use the same SSID. I did try to let them connect after manually installing the CA root certificate, but without success; I receive authentication errors in ClearPass. What steps do I need to take to configure this? Do I need to select other authentication methods in the SSID profile on the controller, do I need to change something in the CA, or do I need to change something in ClearPass?
Is there some document that describes the steps I need to set this up?
08-07-2014 07:45 PM
08-07-2014 08:27 PM
This is a Linux laptop that is tried in this case. It seems that the username is used for authentication and not the machine. How does the profile in Linux need to be configured? We did try several options and also selected the certificate, but without success.
08-07-2014 08:31 PM
08-07-2014 08:54 PM
That makes sense, thanks, I'm going to test this later today. So I have the following options, if I'm correct:
1. Use current authentication method
Issue a client certificate, install and connect with EAP-TLS to the current SSID.
2. Allow username and password access
Add EAP PEAP and EAP MSCHAPv2 to the service profile in CPPM (and maybe on the SSID/VAP profile on the controller).
Create/modify the role mapping and/or enforcement policy to allow access based on user group membership in AD.
3. Start with CPPM Onboarding
This is new to me, but this is to allow different kinds of OS/devices to auto-enroll and connect to our network, is this correct?
Are these 3 options correct? Is option 2 also going to work?
What is the way to go? Currently there are just a handful of laptops other than Windows-based, but I expect this to grow, so I think option 1 can work for now (I'm going to test this later), but for the best managed way, what should we choose?
08-08-2014 04:30 AM
Options 1 and 2 will work, but require lots of manual steps.
08-08-2014 04:53 AM
With manual steps, you mean manual from the laptop/user perspective?
Is it correct if I say that option 2 is relatively straightforward? Using an AD user for authentication is something that is relatively easy to configure in ClearPass/Aruba Controller and also easy to explain to our employees. They just need to connect to our wireless network and use their username and password from AD.
Is this correct?
08-08-2014 04:57 AM
Certificate authentication (TLS) is the most secure and many organizations are moving this way.
Also, some flavors of Linux will be supported in a future release.
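
For option 1 in this thread (manual EAP-TLS on a Linux laptop), an added example of a wpa_supplicant network block, not taken from any poster or from Aruba documentation, showing a profile that skips server validation beside one that pins the manually installed CA root. The SSID, identity, file paths, RADIUS server name and passphrase are placeholders and must be replaced with the organization's own values.

```conf
# wpa_supplicant.conf fragment (all names and paths below are placeholders)

# Weak profile, shown commented out: the client presents its certificate,
# but with no ca_cert the RADIUS server certificate is not verified, so the
# laptop will complete EAP-TLS with any server answering for this SSID.
#network={
#    ssid="CorpWiFi"
#    key_mgmt=WPA-EAP
#    eap=TLS
#    identity="laptop01.example.com"
#    client_cert="/etc/wpa_supplicant/certs/laptop01.pem"
#    private_key="/etc/wpa_supplicant/private/laptop01.key"
#}

# Corrected profile: trust only the organization's CA root and require the
# server certificate to carry the expected RADIUS server name.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=TLS

    # Identity sent in the EAP identity response. Which value the
    # authentication service expects here is deployment-specific (assumption).
    identity="laptop01.example.com"

    # The CA root certificate that was installed manually on the laptop.
    ca_cert="/etc/wpa_supplicant/certs/corp-root-ca.pem"

    # Accept the server only if a dNSName in its certificate matches this
    # suffix (placeholder for the RADIUS server's FQDN).
    domain_suffix_match="radius.example.com"

    # Client certificate and key issued for this laptop by the same CA.
    client_cert="/etc/wpa_supplicant/certs/laptop01.pem"
    private_key="/etc/wpa_supplicant/private/laptop01.key"
    private_key_passwd="CHANGE_ME"
}
```

Keep the private key file readable by root only; the same fields appear in NetworkManager's 802.1X settings if the laptop is managed through its GUI instead.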