Security

Reply
Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Radius authentication

Hi all

 

Is it possible to create a WLAN profile that uses :

 

1. authentication against a radius internal in the controller : user only connects with a username and password.

 

2. mac authentication - I know this part...

 

3. Certificates on the client side..

 

Thanks for the help

Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: Radius authentication

Hi

 

I was able to configure a WLAN profile  with mac-auth and 802.1x ( users go check internal database from aruba to connect).

 

I have just one problem that is clients on PC´s that don´t have CA , do not connect.

 

It goes OK with iphones and androids, but with a linux PC with asks for a CA that i don´t have.

 

IS it possible to import some certificate from aruba to PC´s ? Because I see that Iphone gets an ssl certificate from aruba when it connects

 

Regards

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: Radius authentication

[ Edited ]

Beconnect,

 

The certificate that you see in the controller is a built-in certificate that everyone should replace.  You are probably using termination for 802.1x which utilizes the built in certificate for the server certificate.  To obtain the CA certificate to put on your linux machine, you need a windows computer to log into the controller's GUI and save the certificate to a file.  I do not know the format your linux computer needs for that certificate, but below is an one way to extract it via Windows:

certificate.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: Radius authentication

i cjoseph

 

thanks

 

I was able to login under linux, by changing the wlan settings on PC to PEAP.

 

IS it possible now to change the auth from user / pass to certificates?

 

Like , a user logins to wlan , but with a certifcate issued by the network ( a CA that the client has )?

 

 

Regards

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: Radius authentication

beconnect,

 

EAP-TLS is a complicated thing to setup, and even harder under Linux.  Do you have a certificate authority?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: