Security

Reply
Frequent Contributor II

EAP TLS Radius

HI,

 

I am configuring 802.1x authentication. I have 2003 Server as AD and CA both. 

Client should get Certificate automatically ( that can be done throgh GPO)

I want to do AD auth as well as certificate auth.  i.e. if a client is having Certificate and then AD username and Password are inputted then authentication should happen....can this be done ?

 

As per my understanding EAP-tls will not ask username/password ..It will take username/password from current login session in machine and accordingly push (manually install) certificate...is that correct???

Guru Elite

Re: EAP TLS Radius

So, the certificate in EAP-TLS will allow the DEVICE to connect wirelessly via a certificate that resides on the machine.  This can be a machine certificate or a user certificate.  The user STILL has to input his/her username and password to get into the machine.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: EAP TLS Radius

that means while connecting to ssid it will not ask for username password right ?
Guru Elite

Re: EAP TLS Radius

It will not.  It will use the certificate on the computer. Just like any Windows computer, however the user MUST have a valid username and password to get into the computer to do anything with it.  The certificate is only for wireless connectivity.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: EAP TLS Radius

indeed, it wont ask for that, it might ask for which client certificate if you have multiple.

Super Contributor I

Re: EAP TLS Radius

Hi guys,

 

If with EAP-TLS the process doesn't ask for username and password, I understand this documentation from Aruba is not correct:

eap-tls.PNG

 

This excerpt is from the ClearPass Essentials course.

 

Regards,

Julián


Regards,
Julián
Highlighted
Guru Elite

Re: EAP TLS Radius

Like I mentioned on some of your other threads, please report this stuff to your instructor...

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: EAP TLS Radius

I can't because the course was done few weeks ago and now I am reviewing the materials...

Please any other guy could clear my doubt?

 

Regards,

Julián


Regards,
Julián
Guru Elite

Re: EAP TLS Radius



There are other EAP types besides TLS that check the username and password, and I think the statement is more in general about those types instead of EAP-TLS in specific....


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I

Re: EAP TLS Radius

It should be, otherwise it makes no sense. That statement should be more clear. Thanks for clarifying.

 

Regards,

Julián


Regards,
Julián
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: