05-04-2016 02:26 AM
I am contacting you about an issue with 802.1X authentication on Android devices. We use ClearPass behind the controller with the EAP-TLS method. The certificate chain is composed of 3 elements (1 root CA and 2 intermediate certificates). With iOS devices, the connection works perfectly. But with Android devices, I get an error when authenticating. I suppose that Android devices do not support a certificate chain with 2 intermediates, because with one intermediate it works.
Have you ever had this problem? How can I debug on the controller and ClearPass?
05-04-2016 02:29 AM
Aruba Customer Engineering
05-04-2016 04:50 AM
Thank you for your quick reply.
No, I don't use "Onboard" to put the certificate on the device. I installed the certificate manually on the device (for the test).
We use another MDM to enroll the iOS devices.
Is it possible to debug this ?
I already used "user-debug" client, auth-tracebuf ...
05-29-2016 02:28 AM
More an AAA section question.
If you already determined it worked with one intermediate and not with two, I would focus on looking into Android forums to see if this is a known issue.
You are sure every intermediate is trusted on the ClearPass side? If you raise the logging levels you might be able to see something in the Access Tracker logs.
If you have a support contract, be sure to open a TAC case. If you have it working with one intermediate, they should be able to look more closely into the two-intermediate issue and perhaps provide an answer. Be sure to report back with an answer, please.
06-21-2016 02:48 AM
If I can help someone, I found the solution.
In fact, when configuring the Android device it's very important to put the username in the "Identity" field; if not, the RADIUS request is stopped because the username is not sent. I found that when I used "show auth-tracebuf".
Android cannot retrieve the CN from the certificate like iOS.