Security

last person joined: 17 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

EAP-TEAP without AuthN Source

This thread has been viewed 12 times
  • 1.  EAP-TEAP without AuthN Source

    Posted Jul 16, 2021 05:29 PM
    CPPM 6.10

    I'm integrating CPPM with Intune and SCEP with MS NDES. Device is NOT Hybrid joined.

    All is good if I use EAP-TLS AuthN with an EAP-TLS method without AuthZ, which is expected. However, if I use EAP-TEAP with the inner method as the same EAP-TLS method that has AuthZ disabled, the service complains I have not set an authentication source.

    This doesn't make sense. Possible bug?

    ------------------------------
    ACCX #1239 || ACMX #1384 || ACEP || ACSP || CWNA || CWSP
    ------------------------------


  • 2.  RE: EAP-TEAP without AuthN Source

    Posted Jul 19, 2021 06:11 AM
    Agree that it doesn't make sense in this case. The get around it, just put in the Local User repository, or Endpoint Repository, which will not be used in the end but if you need to put one in, use that. To be fully secure, check in your enforcement that the authentication source is not the one you added.

    You could reach out to Aruba TAC and see if they agree this is indeed a bug, and get a bug filed for it.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------