Security

Reply
Frequent Contributor II

onboard Ubuntu and other Linux

Hi guys,

 

i've been testing to onboard linux Ubuntu 14, Ubuntu 16, and Linux Mint.

other OS such and Windows, Android, etc already working fine.

 

i have problem with those OSes, Ubuntu 14 can do the onboard fine until the onboard reconfigure device SSID to the EAP-TLS SSID but leaves error and unable to connect.

onboard.JPG

i also attach the logs of the access tracker.

other Linux such us Ubuntu 16 and Linux Mint error at the end of quickconnect. is there a way instead using web enrollment? web enrollment generate a pkcs12 certificate and it's big trouble for normal user to connect manually.

 

 

Ricky E. Lee
CWNA | ACMP | ACCP
Frequent Contributor II

Re: onboard Ubuntu and other Linux

sorry nevermind this.

my mistake i chose the auth mehtod using OCSP enabled TLS.

i use just TLS and it works fine.

 

but i still not able to onboard Ubuntu 16 and other Linux.

anyone has a workaround for this?

if i use Ubuntu onboarding profile, the quickconnect ERROR on the last step configuring new network.

Ricky E. Lee
CWNA | ACMP | ACCP
Contributor II

Re: onboard Ubuntu and other Linux

I've got the same question, how would you best onboard a ubuntu 16 or other linux device ?

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Frequent Contributor II

Re: onboard Ubuntu and other Linux

pop-up the device categorization under onboard setting, when you use linux anything but ubuntu 14, choose other (dont choose ubuntu even if it is ubuntu 16). it will help you auto generate the certificate and download it.

but you have to setup the network profile manually.

Ricky E. Lee
CWNA | ACMP | ACCP
Contributor II

Re: onboard Ubuntu and other Linux

Nice, had to activate this since it was not enabled in my case to choose.

Anyway to get a pem-file instead of pkcs12 ? Had to convert the file with openssl, seems a hassle for the enduser.

 

Then I had a bug in ubuntu with network manager, it wouldnt show my pem-files when browsing for privatekey file :D . Seems a common bug, but was a bit confused if I did something wrong first.

 

Anyways it works now, bit of a hassle to convert from pkcs12 format...

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Frequent Contributor II

Re: onboard Ubuntu and other Linux

yes it was my problem too. user had to convert it one by one but i dont see any other option for now.

Customer already happy enough it could auto generate a cert and download it. running the same command to convert it for every user was not a problem for them.

Ricky E. Lee
CWNA | ACMP | ACCP
Contributor II

Re: onboard Ubuntu and other Linux

Yeah, just build a instructionmanual and copy / paste a command should be allright for my customer too I guess.

 

Thanks!

 

Another question, do you know if this works for the device wired and wired ? I only see one mac-adress in onboard device list for my linux client, while seeing both wired and wireless for my windows devices.

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Frequent Contributor II

Re: onboard Ubuntu and other Linux

didnt use wired for this case but i'm gonna do a POC next week for wired auth. i will give my linux a try and let you know.

Ricky E. Lee
CWNA | ACMP | ACCP
Contributor II

Re: onboard Ubuntu and other Linux

Awesome! Would be good to know since my customer is planning wired support.

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: