Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

IAP MAC-Based Authentication

  • 1.  IAP MAC-Based Authentication

    Posted 24 days ago
    We are trying to set up MAC-based authentication for smart devices (phones, tablets) with the MS RADIUS server NPS.
    After creating a user with username and password set as the device's MAC address, we enabled the UserIdentityAttribute key on the NPS and created a policy on the NPS to accept connections with unencrypted PAP credentials.
    Still, the iPhone is not recognized and a "username/password" prompt is shown.

    Can anyone help with these settings?
    Thanks

    ------------------------------
    stefano colombo
    ------------------------------


  • 2.  RE: IAP MAC-Based Authentication

    Posted 23 days ago
    Have you specified MAC Authentication within the Network Profile and the NPS server as the external server?

    https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/conf-mac-auth.htm

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: IAP MAC-Based Authentication

    Posted 23 days ago

    Hello Craig,
    here is how I configured the network.
    The Wi-Fi should be utilized by smart devices, with MAC-only authentication, and also by domain computers with cert-based auth.
    On the Windows NPS we defined two different network policies.



    ------------------------------
    stefano colombo
    ------------------------------



  • 4.  RE: IAP MAC-Based Authentication

    Posted 22 days ago
    Did you also configure an authentication server within the MAC Authentication settings? This will send the MAC AUTH requests to the correct server. Unfortunately this part is missing from the screenshot.

    ------------------------------
    Craig Syme
    ------------------------------



  • 5.  RE: IAP MAC-Based Authentication

    Posted 22 days ago
    Hello Craig,
    I don't see a specific setting for MAC authentication; below is the complete screenshot.





    ------------------------------
    stefano colombo
    ------------------------------



  • 6.  RE: IAP MAC-Based Authentication

    Posted 19 days ago

    Hello Craig,
    what I've found in the logs is that the iPhone was trying to use MSCHAP authentication, even though we'd like to authorize the user only by MAC, without him having to add the credentials.
    <Data Name="Reason">The user attempted to use an authentication method that is not enabled on the matching network policy.</Data>
    <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>

    So we added MSCHAP to the network policy on the NPS server, as in the picture.



    This way it works, but the user still has to enter the credentials.





    ------------------------------
    stefano colombo
    ------------------------------
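
The rejection quoted in post 6 can be triaged from the NPS event itself: in a MAC authentication request the user name is the device's MAC address, while a client that prompts for a username and password is supplying its own 802.1X credentials. The following is an added example, not part of the original thread or of any vendor tooling. It assumes the events are exported as Windows event XML; the `SubjectUserName`, `CallingStationID` and `AuthenticationType` field names and all sample values are assumptions or constructed, and only the `Reason` text comes from the thread.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
METHOD_NOT_ENABLED = "authentication method that is not enabled"  # Reason text quoted in the thread

def make_event(user, station, auth_type):
    """Build a constructed sample event (not real log data)."""
    fields = {"SubjectUserName": user, "CallingStationID": station,
              "AuthenticationType": auth_type,
              "Reason": "The user attempted to use an authentication method "
                        "that is not enabled on the matching network policy."}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return f'<Event xmlns="{NS["e"]}"><EventData>{body}</EventData></Event>'

# Constructed samples: a supplicant sending user credentials, and a MAC auth request.
SAMPLE_8021X = make_event("jdoe", "A4-83-E7-00-00-01", "MS-CHAPv2")
SAMPLE_MAC = make_event("a483e7000001", "A4-83-E7-00-00-01", "PAP")

def norm_mac(value):
    """Return 12 lowercase hex digits, or None if the value is not MAC-shaped."""
    name = (value or "").split("\\")[-1]           # drop a DOMAIN\ prefix if present
    digits = re.sub(r"[-:.]", "", name).lower()    # accept AA-BB.., aa:bb.., aabb.cc..
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify(event_xml):
    """Decide whether a rejected request was MAC auth or a client-supplied login."""
    root = ET.fromstring(event_xml)
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind(".//e:EventData/e:Data", NS)}
    user_mac = norm_mac(data.get("SubjectUserName"))
    is_mac_auth = user_mac is not None and user_mac == norm_mac(data.get("CallingStationID"))
    rejected = METHOD_NOT_ENABLED in data.get("Reason", "")
    if rejected and is_mac_auth:
        verdict = "MAC auth request; its method is not enabled on the matching policy"
    elif rejected:
        verdict = "client supplied its own credentials (802.1X), not MAC auth"
    else:
        verdict = "no method mismatch"
    return {"user": data.get("SubjectUserName"),
            "auth_type": data.get("AuthenticationType"),
            "is_mac_auth": is_mac_auth, "verdict": verdict}

if __name__ == "__main__":
    for sample in (SAMPLE_8021X, SAMPLE_MAC):
        print(classify(sample))
```
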