I want to have 2 services, but I'm having trouble figuring out how to classify the incoming requests to a service.
The called-station SSID is the same, the NAD IP, SSID, etc. are the same, so I am finding it difficult to classify the service.
The only difference between the services (why I need 2) will be that one uses the standard EAP-TLS method and the other uses a custom EAP-TLS method with "Authorization Required" unticked. This custom one is used to authenticate clients against Microsoft InTune as shown by Mitchell in this YouTube video. I tried adding both EAP-TLS methods to the same Service but got an error.
So in total I will have 3 types of devices connecting to this same SSID on the same NAD:
1. AD-managed device with username authentication against EAP-MSCHAPv2 and Active Directory as source
2. AD-managed device with certificate authentication against normal EAP-TLS and Active Directory as source
3. InTune-managed device with Intune Extension authentication against special EAP-TLS with "Authorization Required" unticked.
The way I have things set up currently, I don't think I will ever see the request just 'fail-through' and match the next service in the list, because it is matching the first service despite the wrong Authentication Method.
Any ideas are welcome.
Use a single service with PEAPv0/EAP-MSCHAPv2 and EAP-TLS with authorization disabled and handle any authorization logic in your enforcement policy.
Thanks, I will try this and report back here.