Wireless Access

Reply
Occasional Contributor I
Posts: 5
Registered: ‎05-04-2016

Error authentication 802.1x with devices android

Hello,

I contact you for an issue about the authentication 802.1x with devices android. We use Clearpass behind the controler with EAP-TLS method. The certificate chain is composed of 3 elements (1 CA Root and 2 intermediate certificate). With IOS devices, the connection work perfectly. But with devices android, I get an error when authenticating. I supose that devices android does not support the certificate chain with 2 intermediate because with one intermediate, it work.

Have you ever had this problem ? How Can I debug on controler and Clearpass ?

Thank you.

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: Error authentication 802.1x with devices android

Are you using Onboard to put certificate on the Android device?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎05-04-2016

Re: Error authentication 802.1x with devices android

Thank you for your quick reply.
No, I don't use "Onboard" for put the certificate on the device. I installed manualy the certificate on the device (for the test).
We use an other mdm for enrol the devices IOS.

 

Is it possible to debug this ?

I already used "user-debug" client, auth-tracebuf ...

 

 

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Error authentication 802.1x with devices android

more an AAA section question.

 

if you already determined it worked with one intermediate and not with two i would focus on looking into anroid forums to see if this is a known issue.

 

you are sure every intermediate is trusted on the clearpass side? if you raise the logging levels you might be able to see something in the access tracker logs.

 

if you have a support contract be sure to open a TAC case, if you have it working with one interemediate they should be able to look more closely in the two intermediate issue and perhaps provide an answer. be sure to report back with an answer please.

Occasional Contributor I
Posts: 5
Registered: ‎05-04-2016

Re: Error authentication 802.1x with devices android

Hello,

If I can help someone, I found the solution.

In fact, when configuring the android device it's very important to put the username in field "Identity" if not the radius request is stopped because the username is not send. I found that when I used "show auth-tracebuf".


Android can not retrieve the CN in the certificate like an IOS.

 

Best regards,

Search Airheads
Showing results for 
Search instead for 
Did you mean: