Security

Reply
Frequent Contributor I
Posts: 99
Registered: ‎03-18-2013

Onboarding for Linux

[ Edited ]

Hi,

 

i'm trying to get some info about onboarding for Linux. is there any plan or testing going on for this?

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Onboarding for Linux

"Onboarding" is a process where certificates or credentials are automatically provided to a client and the  secure WLAN is configured with those credentials or certificates.  You can certainly generate a unique client certificate for that LInux box and configure the WLAN manually.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 99
Registered: ‎03-18-2013

Re: Onboarding for Linux

hi Colin,

 

what do you mean manually? i dont see linux configuration in the onboard configuration for quickconnect. does Aruba has a quickconnect apps for Linux? well, i'm trying to set up one for testing. do you have a list of linux distribution that have been tested and working for onboarding?

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Onboarding for Linux

rickylee,

 

The different flavors of Linux do not have an API to generate and distribute certificates like the other operating systems.  I wrote a tutorial on how to do it through the ClearPass Onboard CA here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/TUTORIAL-How-to-generate-TLS-certificates-for-Linux-using-the/m-p/149236

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 99
Registered: ‎03-18-2013

Re: Onboarding for Linux

Hi Colin,

 

thanks for the great tutorial. i was assuming that we can do it via quickconnect so user do not have to manually export import a cert.

 

does using the cert from clearpass CA even without quickconnect takes a slot from enterprise license?

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Onboarding for Linux


rickylee wrote:

Hi Colin,

 

thanks for the great tutorial. i was assuming that we can do it via quickconnect so user do not have to manually export import a cert.

 

does using the cert from clearpass CA even without quickconnect takes a slot from enterprise license?

 

R.L.


There is no Quickconnect support for Linux.  An issued certificate that is not revoked or expired consumes an Onboard or Enterprise license.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎08-11-2014

Re: Onboarding for Linux

We have tried the tutorial provided and were unable to connect Linux devices.  I was hoping that someone on this forum had success.  We received the following error from Clearpass when the user tried to connect:

 

RADIUSEAP: Client doesn't support configured EAP methods

 

We also were a little unclear as to what went into the Identity section when manually creating the connection.  Is it the Username?

 

Thanks for any help you can provide.

Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Onboarding for Linux

bpierce815,

 

The article assumes that you already have Onboarding configured for other devices like Mac and Windows.  The error in your post is when you do not have EAP-TLS in your authentication methods.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎08-11-2014

Re: Onboarding for Linux

I have solved my own problem.  In the NetworkManager configuration, you must leave off the CA certificate as linux refuses to validate a self-signed cert.

 

Thanks

Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Onboarding for Linux

Kudos for solving your own issue!


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: