04-04-2012 12:41 PM
Can anyone give me an idea on how I can grant access to iPads to our corporate network using a combination of MAC authentication and a self-signed certificate or something else that authenticates the users seamlessly in AD?
We have Aruba 6.1 OS passing roles to NAC (Bradford), which then places users in the correct VLAN based on the role.
I've already tried 802.1X with multifactor authentication and it works perfectly with laptops, but the Apple supplicant on iPads doesn't prompt users for new credentials (token number) after coming back from standby.
I can use MAC and WPA2, but that also brings another inconvenience: since users are not authenticated in AD, in order to use any resource available on the network, and even to go out to the internet using Safari or any other apps, they first need to authenticate in IronPort, for example, and reauthenticate every single day.
Suggestions are very welcome.
04-04-2012 12:50 PM
Have you considered using EAP-TLS authentication on the iPad? Typically the AD username will be embedded within the CN of the client certificate, which will allow you to have a two-phase authorization check: first the validity of the client certificate, and second an authorization check to AD to see if the user is still active or has the appropriate group membership.
This group membership lookup can also be used to provide differentiated access to the network by having the RADIUS server return a different role to the WLAN controller based on this AD lookup.
Hope this helps
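The two-phase check described in the reply above, sketched as an added example that is not part of the original thread or any vendor's code. The CA name, directory entries, group names and role names are constructed assumptions, the certificate is represented as an already signature-verified dictionary, and the subject parser handles only simple DNs without escaped commas.

```python
from datetime import datetime

# Constructed sample data (hypothetical names): trusted CA, directory, group-to-role map.
TRUSTED_ISSUER = "CN=Example Corp Issuing CA"
DIRECTORY = {
    "jdoe": {"enabled": True, "groups": {"Wireless-Staff"}},
    "asmith": {"enabled": False, "groups": {"Wireless-Staff"}},
    "bguest": {"enabled": True, "groups": set()},
}
GROUP_ROLES = [("Wireless-Admins", "admin-role"), ("Wireless-Staff", "staff-role")]

def cn_from_subject(subject):
    """Return the CN value of a simple comma-separated subject DN, or None."""
    for rdn in subject.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "CN" and value:
            return value
    return None

def authorize(cert, now):
    """Return (decision, role, reason); cert signature is assumed already verified."""
    # Phase 1: is the certificate itself valid?
    if cert["issuer"] != TRUSTED_ISSUER:
        return ("reject", None, "untrusted issuer")
    if not cert["not_before"] <= now <= cert["not_after"]:
        return ("reject", None, "outside validity period")
    # Phase 2: is the user named in the CN still active and in an allowed group?
    user = cn_from_subject(cert["subject"])
    entry = DIRECTORY.get(user.lower()) if user else None
    if entry is None:
        return ("reject", None, "unknown user")
    if not entry["enabled"]:
        return ("reject", None, "account disabled")
    for group, role in GROUP_ROLES:  # first match wins, most privileged first
        if group in entry["groups"]:
            return ("accept", role, "member of " + group)
    return ("reject", None, "no authorized group")

if __name__ == "__main__":
    sample = {"subject": "CN=jdoe,OU=Users,O=Example Corp", "issuer": TRUSTED_ISSUER,
              "not_before": datetime(2012, 1, 1), "not_after": datetime(2013, 1, 1)}
    print(authorize(sample, datetime(2012, 6, 1)))
```

A still-valid certificate is rejected as soon as the account behind its CN is disabled or leaves the allowed groups, which is what the second phase adds over certificate validation alone.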
06-15-2012 02:22 PM
Is there any doc available on how to generate the client certificate in the local CA server, and then how to import it on the iPad?
Also, iPad 2 doesn't allow changing from manual to automatic (certificate) when using WPA2.
Any idea on this?
Thank you very much
06-15-2012 09:00 PM
The capability to provision a client certificate to an iOS device is now known as Onboard as part of the ClearPass product family. There is some great documentation available for download from the support site on the following link:
06-19-2012 06:51 AM
The solution in the document looks great; however, unfortunately it doesn't work for us. We don't use Amigopod as our NAC solution, so we don't have the ClearPass Onboard or Policy Manager server.
Thank you, JC