Security

Occasional Contributor I
Posts: 5
Registered: ‎04-04-2012

Ipads and authentication using AD

Hi,

Can anyone give me an idea of how I can grant iPads access to our corporate network using a combination of MAC authentication and a self-signed certificate, or something else that authenticates the users seamlessly in AD?

We have Aruba 6.1 OS passing roles to NAC (Bradford), which then places users in the correct VLAN based on the role.

I have already tried 802.1X with multifactor authentication, and it works perfectly with laptops, but the Apple supplicant on iPads doesn't ask users for new credentials (token number) after coming back from standby.

I can use MAC and WPA2, but that brings another inconvenience: since users are not authenticated in AD, in order to use any resource available on the network, and even to go out to the internet using Safari or any other app, they first need to authenticate in IronPort, for example, and reauthenticate every single day.

Suggestions are very welcome.

JC

Moderator
Posts: 150
Registered: ‎11-14-2011

Re: Ipads and authentication using AD

JC,

Have you considered using EAP-TLS authentication on the iPad? Typically the AD username will be embedded within the CN of the client certificate, which will allow you to have a two-phase authorization check: first the validity of the client certificate, and second an authorization check to AD to see if the user is still active or has the appropriate group membership.

This group membership lookup can also be used to provide differentiated access to the network by having the RADIUS server return a different role to the WLAN controller based on this AD lookup.

Hope this helps

 

Cam.
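
The two-phase check described in the reply above, sketched as an added example; it is not part of the original thread and is not Aruba, Bradford or RADIUS vendor code. The directory contents, group names, role names and certificate fields are all constructed assumptions, with a dictionary standing in for the AD lookup.

```python
import re
from datetime import datetime, timezone

# Constructed stand-in for the AD lookup (hypothetical users and groups).
DIRECTORY = {
    "jdoe": {"enabled": True, "groups": {"Staff", "Wireless-iPad"}},
    "asmith": {"enabled": False, "groups": {"Staff"}},
    "guest1": {"enabled": True, "groups": set()},
}
# Hypothetical group-to-role mapping; the first matching group wins.
ROLE_BY_GROUP = [("Wireless-iPad", "ipad-corp"), ("Staff", "staff")]
# Constructed sample: fields an EAP-TLS server holds after parsing the client cert.
SAMPLE_CERT = {
    "subject": "CN=jdoe,OU=Users,DC=example,DC=com", "chain_ok": True,
    "not_before": datetime(2012, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2013, 1, 1, tzinfo=timezone.utc),
}

def cn_from_subject(subject):
    """Extract the CN from a subject string, honoring escaped commas."""
    for rdn in re.split(r"(?<!\\),", subject):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "CN" and value:
            return value.replace("\\,", ",")
    return None

def authorize(cert, now=None):
    """Return (accepted, role_or_reason); every failed step rejects."""
    now = now or datetime.now(timezone.utc)
    # Phase 1: certificate validity (trust chain result and validity window).
    if not cert.get("chain_ok"):
        return False, "untrusted-chain"
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return False, "outside-validity-window"
    # Phase 2: directory check keyed on the username embedded in the CN.
    user = cn_from_subject(cert["subject"])
    entry = DIRECTORY.get(user.lower()) if user else None
    if entry is None:
        return False, "unknown-user"
    if not entry["enabled"]:
        return False, "account-disabled"
    # Group membership selects the role returned to the WLAN controller.
    for group, role in ROLE_BY_GROUP:
        if group in entry["groups"]:
            return True, role
    return False, "no-authorized-group"
```

A certificate that is still cryptographically valid is rejected here once the account is disabled in the directory, which is the reason for running the second phase at all.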

Occasional Contributor I
Posts: 5
Registered: ‎04-04-2012

Re: Ipads and authentication using AD

Hi Cam,

Is there any doc available on how to generate the client certificate in the local CA server, and then how to import it on the iPad?

Also, iPad 2 doesn't allow changing from manual to automatic (certificate) when using WPA2.

Any idea on this?

Thank you very much

Moderator
Posts: 150
Registered: ‎11-14-2011

Re: Ipads and authentication using AD

The capability to provision a client certificate to an iOS device is now known as Onboard as part of the ClearPass product family. There is some great documentation available for download from the support site on the following link:

http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Default.aspx?EntryId=7855

Occasional Contributor I
Posts: 5
Registered: ‎04-04-2012

Re: Ipads and authentication using AD

Hi Cam,

The solution in the document looks great; however, unfortunately it doesn't work for us. We don't use Amigopod as our NAC solution, so we don't have the ClearPass Onboard or Policy Manager server.

Thank you, JC
