Security

Reply
Occasional Contributor II

Windows Authentication Issue

Hi All,

very new to Aruba/clearpass side of things.

Having issue when connecting to our PoC wifi.

 

i am on win 10 and when i try to connect to the wifi with DOMAINNAME\username it fails(this is prefilled with a tickbox when you connect to wifi) but when i manually type in domainname\username it accepts it.

Error in clearpass says TLS session error and unknow CA.

Currently since we are in trial period we dont have a cert but it baffles me that it accepts lower case domain name and not upper case.

 

uppercase domain name is pre-filled and i would rather have that so users dont type in creds manually.

Can someone help me out.

Frequent Contributor I

Re: Windows Authentication Issue

Your windows do not trust the certificate authority.

 

The PC you are using to connect to this SSID needs to trust your CA.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: Windows Authentication Issue

but its a domain machine which connects to our exisitng wifi.

i have all the necessary certs for current infrastructure.

 

whats the difference between me typing domain name and computer pre-populating the info.

Frequent Contributor I

Re: Windows Authentication Issue

Ok.. If the computer is domain joined, can you please make sure ClearPass is also part of the domain & has the CA cert added to the trust list. .

 

Also, try striping username:

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/What-is-quot-Strip-Username-Rules-quot-on-CPPM-and-how-to-use-it/ta-p/173504

 

The unknown CA error is usually when your machine is not trusting the CA.

 

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: Windows Authentication Issue

stripped rules did not work still get the same error.

 

Frequent Contributor I

Re: Windows Authentication Issue

And ClearPass has joined the domain & has CA cert added to the trust list?

Can you share auth logs from CPPM for the request that is being denied.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: Windows Authentication Issue

Hi Jay,

 

like i mentioned cert has not been added.

but i am still unclear the difference between a manual entry and pre-filled information.

why it fails in the latter but not the former

Frequent Contributor I

Re: Windows Authentication Issue

We are talking about two different types of auth here.

 

Your authentication is failing because Windows is trying to use EAP-TLS by default & ClearPass do not trust your CA.

 

When youa re entering credentials manually  you are using EAP-PEAP & the certificate installed on your machine will not be used for authentication anymore.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: Windows Authentication Issue

that makes sense.

i will try to get a cert then

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: