Security

Reply
Occasional Contributor I
Posts: 9
Registered: ‎04-23-2013

iOS OnBoarding issue

Hello,

 

I've been trying to search the boards for resolution but without luck.

 

I have two SSIDs, one for onboarding and one for actual 802.1x. Android and Windows devices are onboarding just fine and automatically connecting to the 802.1x SSID. My issue is that iPad 2 (using the same service for 802.1x) downloads, installs, etc. the cert correctly but when connecting to the 802.1x SSID it says "can not join network".  When I check the access tracker it states that the device is trying to log in using <username> and not the <username:seq:mdps_generic> which is listed in the OnBoard Devices repository.

 

The certificate is 2048b and generated in OnBoard. ClearPass is 6.0.2 and Aruba WLC 6.1.

 

Any ideas how to get the iOS onboard working as smoothly as the other platforms? Any advice greatly appreciated, thanks!

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS OnBoarding issue

Make sure you have EAP-TLS configured as an authentication type in the service.

 

<username> means that the IOS device is using TLS.  <username:seq:mdps_generic> means that you are using EAP-PEAP.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎04-23-2013

Re: iOS OnBoarding issue

Hello, 

 

Thanks for the prompt reply!

 

Please see the attached image from access tracker. In the matching service "BYOD 802.1x test" I have methods:

1. [EAP PEAP]
2. [EAP FAST]
3. [EAP TLS]
4. [EAP TTLS]

 

Should the iPad be using the <username:seq:mdps_generic> from Onboard devices repository? In my BYOD 802.1x test service I have only [Onboard Devices Repository] and nothing more as Authentication Sources.

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS OnBoarding issue

What does it say under the Alert Tab?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎04-23-2013

Re: iOS OnBoarding issue

Error Code:
201
Error Category:
Authentication failure
Error Message:
User not found
 Alerts for this Request  
RADIUS[Onboard Devices Repository] - localhost: User not found.
EAP-TLS: Authentication failure, unknown user
Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS OnBoarding issue

Is there anything in the onboard device repository?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎04-23-2013

Re: iOS OnBoarding issue

Hi,

 

Yes, please see the attachment. In OnBoard the device has also a valid certificate:

Issued to: test-ipad

Issued by: ClearPass Onboard Local Certificate Authority (Signing)

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS OnBoarding issue

I would delete that and re-onboard your ipad.

 

That is a PEAP credential, not a TLS credential.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎04-23-2013

Re: iOS OnBoarding issue

Hi,

 

Thanks for the advices, I already tried to reprovision the device and it did not help. Same issue also with iPhone 3. 

 

See the attachment of OnBoard network settings. On the authentication tab I have "certificate" selected for iOS and OS X 10.7

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS OnBoarding issue

I would delete the existing certificates that correspond to the Ipad and reprovision.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: