Regular Contributor I

EAP-TLS

Do I need to join and bind CPPM to AD in order to perform EAP-TLS authentication for a client?

Guru Elite

Re: EAP-TLS

No.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: EAP-TLS

Hi,

I've got a user testing this at the moment and it's failing.

They are getting -

Alerts for this Request 

RADIUS[Endpoints Repository] - localhost: User not found.
EAP-TLS: Authentication failure, unknown user

Not sure I know how to point the authentication to the customer's cert that I have installed in the trust list on CPPM?

Guru Elite

Re: EAP-TLS

Why do you have the endpoints repository as an auth source? That should be your identity store.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: EAP-TLS

Hi Tim,

It won't let me leave it blank - is there something else that should be there instead?

I'm hoping to auth against the cert in the trust list - have I uploaded the cert to the wrong location?

Guru Elite

Re: EAP-TLS

So you don't want to validate that the user account actually exists in your identity store?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: EAP-TLS

No, I don't think so, the customer doesn't have any link to AD for the devices so it's just a match for a valid certificate I guess. CPPM is a replacement for NPS - not being an expert I don't fully understand what they were checking and they couldn't explain fully.

Guru Elite

Re: EAP-TLS

Create a new EAP-TLS method with authorization disabled.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: EAP-TLS

Hi Tim,

   I've created and added that to the service and it has a different error in the Alert tab -

[Endpoints Repository] - localhost: User not found.
EAP-TLS: fatal alert by client - unknown_ca
TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
eap-tls: Error in establishing TLS session

Guru Elite

Re: EAP-TLS

1) Remove all authentication sources.

2) The client does not trust the EAP server certificate.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
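
Added example (not part of the thread, and not Aruba or ClearPass code): decoding the OpenSSL error string from the alert above shows why the last reply points at the client's trust of the EAP server certificate. It assumes the packed error-code layout of OpenSSL 1.x (8 hex digits holding library, function and reason); the function names `decode_openssl_error` and `triage` are illustrative.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) that relate to certificate trust.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 49: "access_denied",
}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number when the PEER sent the alert

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode_openssl_error(line):
    """Split an OpenSSL 1.x 'error:XXXXXXXX:lib:func:reason' string into its fields."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Assumed layout (OpenSSL 1.x): 8 bits library, 12 bits function, 12 bits reason.
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "func": func, "reason": reason,
           "func_name": m.group(3), "text": m.group(4).strip(), "peer_alert": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        out["peer_alert"] = (n, TLS_ALERTS.get(n, "alert_%d" % n))
    return out

def triage(line):
    """Say which side rejected the handshake, from the RADIUS server's point of view."""
    d = decode_openssl_error(line)
    if d is None:
        return "no OpenSSL error code found"
    if d["peer_alert"] is None:
        return "server-side TLS error: " + d["text"]
    n, name = d["peer_alert"]
    if name == "unknown_ca":
        return ("client sent unknown_ca (alert 48): the supplicant does not trust "
                "the CA that issued the EAP server certificate")
    return "client sent TLS alert %d (%s)" % (n, name)

# Log line as quoted in the thread above.
SAMPLE = ("TLS Handshake failed in SSL_read with "
          "error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca")

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
    print(triage(SAMPLE))
```

The fix is therefore on the supplicant side: the issuing CA of the RADIUS/EAP server certificate has to be in the client's trusted roots for that wireless profile.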