Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Ipads and authentication using AD

  • 1.  Ipads and authentication using AD

    Posted Apr 04, 2012 03:41 PM

    Hi,

     

    Can anyone give me an idea of how I can grant iPads access to our corporate network using a combination of MAC authentication and a self-signed certificate, or something else that authenticates the users seamlessly in AD?

     

    We have Aruba 6.1 OS passing roles to NAC (Bradford), which then places users in the correct VLAN based on the role.

     

    I've already tried 802.1X with multifactor authentication and it works perfectly with laptops, but the Apple supplicant on iPads doesn't prompt users for new credentials (token number) after coming back from standby.

     

    I can use MAC and WPA2, but that brings another inconvenience: since users are not authenticated in AD, in order to use any resource available on the network, and even to go out to the internet using Safari or any other apps, they first need to authenticate in IronPort, for example, and reauthenticate every single day.

     

    Suggestions are very welcome.

    JC



  • 2.  RE: Ipads and authentication using AD

    Posted Apr 04, 2012 03:50 PM

    JC,

     

    Have you considered using EAP-TLS authentication on the iPad? Typically the AD username will be embedded within the CN of the client certificate, which will allow you to have a two-phase authorization check: first the validity of the client certificate, and second an authorization check to AD to see if the user is still active or has the appropriate group membership.

     

    This group membership lookup can also be used to provide differentiated access to the network by having the RADIUS server return a different role to the WLAN controller based on this AD lookup.

     

    Hope this helps

     

    Cam.
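
The two-phase check described in the reply above (certificate validity, then an AD lookup that also selects the role), shown as an added example that is not part of the thread or any vendor's code. The directory contents, group DNs, role names and the `cert` field names are constructed assumptions standing in for what a RADIUS server's TLS layer and LDAP lookup would supply.

```python
from datetime import datetime, timezone

ACCOUNTDISABLE = 0x0002  # userAccountControl bit AD sets on a disabled account

# Constructed stand-in for the AD/LDAP lookup; users and group DNs are hypothetical.
STAFF = "CN=Wireless-Staff,OU=Groups,DC=example,DC=com"
ADMINS = "CN=Wireless-Admins,OU=Groups,DC=example,DC=com"
DIRECTORY = {
    "jdoe": {"userAccountControl": 0x0200, "memberOf": [STAFF]},
    "asmith": {"userAccountControl": 0x0200, "memberOf": [STAFF, ADMINS]},
    "olduser": {"userAccountControl": 0x0202, "memberOf": [STAFF]},
    "guest1": {"userAccountControl": 0x0200, "memberOf": []},
}
# Ordered map, most privileged first; role names are hypothetical controller roles.
ROLE_BY_GROUP = [(ADMINS, "admin-role"), (STAFF, "staff-role")]


def authorize(cert, now, directory=DIRECTORY):
    """Return ("accept", role) or ("reject", reason) for an EAP-TLS client certificate.

    `cert` holds fields the RADIUS server's TLS layer would report (assumed names):
    chain_ok, revoked, not_before, not_after, cn.
    """
    # Phase 1: certificate validity. Any doubt rejects (fail closed).
    if not cert.get("chain_ok", False):
        return ("reject", "untrusted-issuer")
    if cert.get("revoked", True):
        return ("reject", "revoked")
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return ("reject", "outside-validity-period")
    # Phase 2: authorization against the directory, keyed on the certificate CN.
    user = directory.get(cert.get("cn", "").strip().lower())
    if user is None:
        return ("reject", "unknown-user")
    if user["userAccountControl"] & ACCOUNTDISABLE:
        return ("reject", "account-disabled")
    member_of = {dn.lower() for dn in user["memberOf"]}
    for group_dn, role in ROLE_BY_GROUP:
        if group_dn.lower() in member_of:
            return ("accept", role)
    return ("reject", "no-authorized-group")


if __name__ == "__main__":
    now = datetime(2012, 6, 1, tzinfo=timezone.utc)
    base = {"chain_ok": True, "revoked": False,
            "not_before": datetime(2012, 1, 1, tzinfo=timezone.utc),
            "not_after": datetime(2013, 1, 1, tzinfo=timezone.utc)}
    for cn in ("jdoe", "asmith", "olduser", "guest1", "nobody"):
        print(cn, authorize({**base, "cn": cn}, now))
```

The `olduser` case is why the second phase matters: the certificate is still valid, but the disabled AD account is rejected.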



  • 3.  RE: Ipads and authentication using AD

    Posted Jun 15, 2012 05:23 PM

    Hi Cam,

    Is there any doc available on how to generate the client certificate in the local CA server, and then how to import it on the iPad?

    Also, the iPad 2 doesn't allow changing from manual to automatic (certificate) when using WPA2.

    Any idea on this?

     

    Thank you very much



  • 4.  RE: Ipads and authentication using AD

    Posted Jun 16, 2012 12:01 AM

    The capability to provision a client certificate to an iOS device is now known as Onboard as part of the ClearPass product family. There is some great documentation available for download from the support site on the following link:

     

    http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Default.aspx?EntryId=7855



  • 5.  RE: Ipads and authentication using AD

    Posted Jun 19, 2012 09:52 AM

    Hi Cam,

     

    The solution in the document looks great; however, unfortunately it doesn't work for us. We don't use Amigopod as our NAC solution, so we don't have the ClearPass Onboard or Policy Manager Server.

     

    Thank you, JC