Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onboarding for Linux

This thread has been viewed 8 times

  • 1.  Onboarding for Linux

    Posted Mar 13, 2014 07:02 AM

    Hi,

     

    i'm trying to get some info about onboarding for Linux. is there any plan or testing going on for this?

     

    R.L.



  • 2.  RE: Onboarding for Linux

    EMPLOYEE
    Posted Mar 13, 2014 08:04 AM

    "Onboarding" is a process where certificates or credentials are automatically provided to a client and the  secure WLAN is configured with those credentials or certificates.  You can certainly generate a unique client certificate for that LInux box and configure the WLAN manually.



  • 3.  RE: Onboarding for Linux

    Posted Mar 14, 2014 04:42 AM

    hi Colin,

     

    what do you mean manually? i dont see linux configuration in the onboard configuration for quickconnect. does Aruba has a quickconnect apps for Linux? well, i'm trying to set up one for testing. do you have a list of linux distribution that have been tested and working for onboarding?

     

    R.L.



  • 4.  RE: Onboarding for Linux
    Best Answer

    EMPLOYEE
    Posted Mar 17, 2014 06:48 AM

    rickylee,

     

    The different flavors of Linux do not have an API to generate and distribute certificates like the other operating systems.  I wrote a tutorial on how to do it through the ClearPass Onboard CA here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/TUTORIAL-How-to-generate-TLS-certificates-for-Linux-using-the/m-p/149236

     

     



  • 5.  RE: Onboarding for Linux

    Posted Mar 17, 2014 10:14 PM

    Hi Colin,

     

    thanks for the great tutorial. i was assuming that we can do it via quickconnect so user do not have to manually export import a cert.

     

    does using the cert from clearpass CA even without quickconnect takes a slot from enterprise license?

     

    R.L.



  • 6.  RE: Onboarding for Linux

    EMPLOYEE
    Posted Mar 17, 2014 10:23 PM
    @rickylee wrote:

    Hi Colin,

     

    thanks for the great tutorial. i was assuming that we can do it via quickconnect so user do not have to manually export import a cert.

     

    does using the cert from clearpass CA even without quickconnect takes a slot from enterprise license?

     

    R.L.

    There is no Quickconnect support for Linux.  An issued certificate that is not revoked or expired consumes an Onboard or Enterprise license.

     



  • 7.  RE: Onboarding for Linux

    Posted Aug 11, 2014 12:32 PM

    We have tried the tutorial provided and were unable to connect Linux devices.  I was hoping that someone on this forum had success.  We received the following error from Clearpass when the user tried to connect:

     

    RADIUSEAP: Client doesn't support configured EAP methods

     

    We also were a little unclear as to what went into the Identity section when manually creating the connection.  Is it the Username?

     

    Thanks for any help you can provide.



  • 8.  RE: Onboarding for Linux

    EMPLOYEE
    Posted Aug 11, 2014 12:52 PM

    bpierce815,

     

    The article assumes that you already have Onboarding configured for other devices like Mac and Windows.  The error in your post is when you do not have EAP-TLS in your authentication methods.



  • 9.  RE: Onboarding for Linux

    Posted Aug 11, 2014 02:30 PM

    I have solved my own problem.  In the NetworkManager configuration, you must leave off the CA certificate as linux refuses to validate a self-signed cert.

     

    Thanks



  • 10.  RE: Onboarding for Linux

    EMPLOYEE
    Posted Aug 11, 2014 02:42 PM
    Kudos for solving your own issue!