Security

Reply
Occasional Contributor II
Posts: 46
Registered: ‎01-22-2015

peap enforce certificate

HI
I have setup PEAP authentication with server certificate. The NPS server is used for radius authentication clients are working fine with or without server certificate verification.
 
how could i enforce that client should verify the server certificate otherwise the wireless not authenticated..
Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: peap enforce certificate

This is a client setting. You cannot force it from the radius server side unless you have control over the client via group policy, MDM, etc.

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba Employee
Posts: 60
Registered: ‎07-09-2015

Re: peap enforce certificate

Assuming that your clients are, in the majority, Windows clients, then you can enforce this in their Windows domain user profile. For iOS I think that anything after Mac iOS 7 actually forces the trust chain to be checked by default. I have had a customer case with iOS 8, the CA was corporate and not checked by default by iOS, hence authentication failed.

Either way, these are client settings and not really enforceable from the network side.
Moderator
Posts: 867
Registered: ‎07-29-2010

Re: peap enforce certificate

I've moved this topic to the AAA, NAC, Guest Acces & BYOD board, as it was clearly not in Spanish :)

 

Merry Christmas!

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Occasional Contributor II
Posts: 46
Registered: ‎01-22-2015

Re: peap enforce certificate

thank you! 

in another way , can i limited to only  join the domain computer can access the wireless networks no use machine authentication?

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: peap enforce certificate

Machine authentication is the method you use to limit to only domain machines.

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 46
Registered: ‎01-22-2015

Re: peap enforce certificate

is there another way to  accomplish exclude machine authentication ?

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: peap enforce certificate

You can issue certs to the devices. Why don't you want to use machine authentication?

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 46
Registered: ‎01-22-2015

Re: peap enforce certificate

Using certificates to device too complex,machine authentication  is not easy to management。it seems only use machine authentication

 

thanks

 

 

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: peap enforce certificate

Machine authentication is very easy via group policy.

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: