Wireless Water Cooler

Reply
New Contributor

Is it possible to setup authentication to require both valid credentials and a user certificate

We are trying to setup authentication to wireless, so that you must have a valid user certificate, as well as valid user credentials to authenticate. Our thought is can we have the controllers terminate the certificate authentication and if successful, pass the username and password provided to the NPS for authentication as well? has anyone setup something like this before?

 

Thanks

Re: Is it possible to setup authentication to require both valid credentials and a user certificate

What about a machine cert + user creds.  Clearpass would help with this process immensely!

 

Outside of that, why is the valid cert not good enough wrt security?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
New Contributor

Re: Is it possible to setup authentication to require both valid credentials and a user certificate

Thanks for the reply, using a machine cert and creds would definitely work. This question was asked by my management staff as they feel using just a certificate wont be secure enough, so I just need to get all my options together and show them the best scenario I can. I like the idea of using clearpass, im just unsure I can get the funds to purchase it and am hoping I can do something with the current infrastructure

Guru Elite

Re: Is it possible to setup authentication to require both valid credentials and a user certificate

Wireless can only have  a single EAP type, so no.  You can authenticate via user certificate and then redirect to a captive portal to accept a username and password, but the question is...why would you?  It is probably too complicated for your clients.

 

If an organization thinks that certificates are not enough, they should visit an organization that uses certificates to get a sense of how it works with a general population.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Is it possible to setup authentication to require both valid credentials and a user certificate

If you have a third party radius server, like Juniper's IC 6500, you can have it check their certificate first, the go into AD via LDAP and have the user provide their AD password or PIN.
Guru Elite

Re: Is it possible to setup authentication to require both valid credentials and a user certificate


wayne.cmiles@gmail.com wrote:
If you have a third party radius server, like Juniper's IC 6500, you can have it check their certificate first, the go into AD via LDAP and have the user provide their AD password or PIN.

wyane.cmiles@gmail.com,

 

Does that also require a custom supplicant to enforce that action?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: