Security

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------

Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

------------------------------
Craig Syme
------------------------------

Original Message:
Sent: Nov 04, 2020 10:44 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------

Hello Craig ,
here is how I configured the Network
The Wifi  shoudl be utilized by Smart Devices, with MAC only authentication , and also by domain computers with cert based auth.
On the windws NPS we defined two different Network policies

------------------------------
stefano colombo
------------------------------

Original Message:
Sent: Nov 05, 2020 09:00 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

------------------------------
Craig Syme

Original Message:
Sent: Nov 04, 2020 10:44 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------

Did you also configure an authentication server within the MAC Authentication settings, this will send the MAC AUTH requests to the correct server? Unfortunately this part is missing from the screenshot.

------------------------------
Craig Syme
------------------------------

Original Message:
Sent: Nov 05, 2020 10:58 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

Hello Craig ,
here is how I configured the Network
The Wifi  shoudl be utilized by Smart Devices, with MAC only authentication , and also by domain computers with cert based auth.
On the windws NPS we defined two different Network policies

------------------------------
stefano colombo

Original Message:
Sent: Nov 05, 2020 09:00 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

------------------------------
Craig Syme

Original Message:
Sent: Nov 04, 2020 10:44 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------

Hello Craig
I don't see a specific setting for MAC authentication below the complete screenshot



------------------------------
stefano colombo
------------------------------

Original Message:
Sent: Nov 06, 2020 04:26 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Did you also configure an authentication server within the MAC Authentication settings, this will send the MAC AUTH requests to the correct server? Unfortunately this part is missing from the screenshot.

------------------------------
Craig Syme

Original Message:
Sent: Nov 05, 2020 10:58 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

Hello Craig ,
here is how I configured the Network
The Wifi  shoudl be utilized by Smart Devices, with MAC only authentication , and also by domain computers with cert based auth.
On the windws NPS we defined two different Network policies

------------------------------
stefano colombo

Original Message:
Sent: Nov 05, 2020 09:00 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

------------------------------
Craig Syme

Original Message:
Sent: Nov 04, 2020 10:44 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------

Hello Craig ,
what I've found in the logs is the the Iphone was trying to use the MSCHAP authentication even if we'd like to authorize the user only by MAC without he had to add the credentials
<Data Name="Reason">The user attempted to use an authentication method that is not enabled on the matching network policy.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>

so we add the MSCHAP to the Network Policy on the NPS server as the picture

------------------------------
stefano colombo
------------------------------

Original Message:
Sent: Nov 06, 2020 04:26 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Did you also configure an authentication server within the MAC Authentication settings, this will send the MAC AUTH requests to the correct server? Unfortunately this part is missing from the screenshot.

------------------------------
Craig Syme

Original Message:
Sent: Nov 05, 2020 10:58 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

Hello Craig ,
here is how I configured the Network
The Wifi  shoudl be utilized by Smart Devices, with MAC only authentication , and also by domain computers with cert based auth.
On the windws NPS we defined two different Network policies

------------------------------
stefano colombo

Original Message:
Sent: Nov 05, 2020 09:00 AM
From: Craig Syme
Subject: IAP MAC-BAsed Authentication

Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

------------------------------
Craig Syme

Original Message:
Sent: Nov 04, 2020 10:44 AM
From: stefano colombo
Subject: IAP MAC-BAsed Authentication

We are trying to setup MAC-BASED authentication for smart devices (  phones, tablet ) with MS radius server NPS
After creating a user with username and password set as the device's MAC address we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials
Still the Iphone is not recognized and a "username/password" prompt is shown

Can anyone help with this settings ?
thanks

------------------------------
stefano colombo
------------------------------