Wireless Water Cooler

Reply
Occasional Contributor I
Posts: 6
Registered: ‎09-20-2010

802.1X EAP-TLS AND validate user credentials on NPS radius server?

I’m not sure where to ask this.

 

Can you have an 802.1x EAP-TLS AND validate user credentials using a NPS radius server?

 

Here’s why I ask…

 

I do the wireless networking setup and another group does the windows / NPS server side of things. I thought we required the cert and validated the user credentials. (I’m sure I tested this ) but I just tested it and I got on using only the cert and I’m being told that is “how EAP-TLS works!” No user credentials required.

 

I want to require both user credentials and certificate. Is this possible?

 

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: 802.1X EAP-TLS AND validate user credentials on NPS radius server?

You cannot.  You can have a network rule that can authenticate certificate OR username and password, but not both.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎09-20-2010

Re: 802.1X EAP-TLS AND validate user credentials on NPS radius server?

Thank you!

Would you happen to know if this is possible if we were using clearpass as our radius server?

Guru Elite
Posts: 20,562
Registered: ‎03-29-2007

Re: 802.1X EAP-TLS AND validate user credentials on NPS radius server?

No, for two reasons:

 

1.  Most supplicants will only allow you to authenticate Either Certificates OR username and password.  A few custom supplicants will allow you to do a combination of username and password, smartcard and certificate, etc, but they cost money.

2.  Most radius servers like clearpass can only service a single EAP type at a time, but a custom supplicant can make them authenticate one or the other.  Highly secure environments deploy this, but they are expensive to deploy and complicated to install and maintain.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎09-20-2010

Re: 802.1X EAP-TLS AND validate user credentials on NPS radius server?

Thank you sir!

Search Airheads
Showing results for 
Search instead for 
Did you mean: