Security

last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

macOS and Wireless - ClearPass

This thread has been viewed 0 times
  • 1.  macOS and Wireless - ClearPass

    Posted Mar 11, 2020 05:32 AM

    Situation

    ·         Using Aruba ClearPass

    o   User normally would under macOS select the SSID

    o   Enter their username and password

    o   Accept the certificate which is a generic cert if that makes sense

    ·         Deploying new MacBook Airs

    ·         Have FileVault turned on

    ·         Therefore need turn of Automatic Login

    o   This means the user logs in twice (once for FileVault and then the Network)

    ·         I am getting hit and miss when I reboot the computer log on to the Mac (FileVault stage)

    ·         Then am prompted with

    o   WiFi Staff Network

    o   Username

    o   Password

    ·         The use logs in

    o   The wireless icon in the top right hand corner of the screen is greyed out

    o   After 10 / 20 seconds the user logs in

    o   This part I am unable to get to work reliably

     

     

    Sometimes the process does not work and once the user gets in they receive errors about failed home drive connections.

    Other times the process works as it should.

     

    Would any members mind sharing your configurations for Wireless for macOS / AD / etc?

    ·         We do have an onsite Windows CA Server, but not using it at this stage for macOS

     

    Any help would be greatly appreciated.



  • 2.  RE: macOS and Wireless - ClearPass

    Posted Mar 11, 2020 11:36 AM

    Users should never be manually connecting to an SSID and entering their username and password. I'd highly recommend you enforce a password change and move to a managed supplicant (for managed devices) or onboarding flow (for unmanaged devices).



  • 3.  RE: macOS and Wireless - ClearPass

    Posted Mar 19, 2020 06:41 PM

    Hi,

    Had our outside partner / contractor look into this and they needed to allow MAC auth for Mac Laptops.

    This was done by adding AD Joined Macs to a newly created AD Security Group and then setup in ClearPass.

    We did come up with a problem regarding AD Sync which we have set to 10 hours, so this meant you would have to wait 10 hours after the device is Domain Joined and added to the Security Group.
    To fix that portion of ClearPass I temporarily I change the AD cache from 36000 seconds to 60 seconds, add to Security Group, wait over 60 seconds, if successful I change from 60 back to36000.