Ok so we had some visitors from south Africa on our campus, and most had blackberry curve devices. We have our radius server setup using PEAP and have a HA cert from digicert. Everything seems to work fine if the user has an active SIM card and has internet access via AT&T (or whomever). BUT for the users that did not get a local sim, they have ZERO access to any network, and their authentication fails. My assumption is that the BB devices are checking revocation lists for our cert, or something of that nature. I have tried telling those devices without a valid sim to not check the cert, but they still fail.
Radius fails on the password portion for invalid EAP type undetermined.
Then authentication fails
Aruba states: Reason Unspecified Failure
Is there any way around this? Has anyone else seen this issue?
On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on? I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.
@clembo wrote:On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on? I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.
We have tried that, and they still fail with the OP messages in aruba controller and NPS. We even tried changing all the <autos> to mschapv2, PEAP, and tried placing the subject for our cert. It is very odd, and once you pop in a working SIM that gives them access to at&t or t-mobile, it will authenticate without an issue...
This is not a major issue, but I always try to figure out why something is failing so I can learn what works and how to make it work :)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.