Home > Community > Technology > Wireless Access > AD authentication require certificate - apple devi...

Wireless Access

Reply
Topic Options
Regular Contributor I
Andrea
Posts: 187
Registered: ‎03-27-2013

AD authentication require certificate - apple device not works
Options

‎12-04-2013 06:35 AM

Hi guys,

I have a little problem with AD authentication.
I have a controller and some APs, i have two SSID, one for employees, and one for guests.

I have configured my controller in way that for the employee access, it require an AD user.


To do this,i have configured a IAS Server that is a radius server that contacts my Active directory.

But this not works properly , for some reason, when i connect to employee SSID, the controller requires a CERTIFICATE.

If i click "continue" it works.. but i don't want that it requires something other by AD user.

 

another issue is that if i try to link an apple device it not works.

 

can you help me please?
thanks in advance
Best regards

Andrea
Alert a Moderator
Message 1 of 4 (1,144 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,785
Registered: ‎09-08-2010

Re: AD authentication require certificate - apple device not works

[ Edited ]
Options

‎12-04-2013 06:37 AM - edited ‎12-04-2013 06:38 AM

That is a normal part of the PEAP process. The server is saying "Hey, do you trust me to take your credentials?"

 

The only way around this would be to either manually configure the clients to trust the CA, or use a tool like ClearPass QuickConnect to configure the trust settings automagically.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 2 of 4 (1,142 Views)
Reply
0 Kudos
Aruba Aruba
Aruba
SethFiermonti
Posts: 1,377
Registered: ‎12-12-2011

Re: AD authentication require certificate - apple device not works
Options

‎12-04-2013 06:39 AM

The issue is that the Apple devices don't trust the server certificate.  Check your AAA profile.  Is EAP Termination enabled/checked off? If so, then you are using the controller certificate.  If not, then you are using the certificate on IAS.  

 

Either way, you need to have that cert signed by a trusted public CA - Verisign, Entrust, GoDaddy, etc... 

 

That is the only way to bypass the continue button on Apple.  However, keep in mind that this will only happen once.  Once you trust as the user, you shouldn't have to hit that step again.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Alert a Moderator
Message 3 of 4 (1,137 Views)
Reply
Regular Contributor I
Andrea
Posts: 187
Registered: ‎03-27-2013

Re: AD authentication require certificate - apple device not works
Options

‎12-13-2013 05:50 AM

Hi,
Like you can view in image that i have attached.
the certificate is presented by a trusted public CA GeoTrust Global CA.

so, even if the certificate is pubblic, i have this issue.

any idea?

Andrea
Alert a Moderator
Message 4 of 4 (1,030 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium