Security

last person joined: 13 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Blackberry 802.1x Question...

  • 1.  Blackberry 802.1x Question...

    Posted Apr 23, 2013 11:50 AM

    Ok so we had some visitors from south Africa on our campus, and most had blackberry curve devices.  We have our radius server setup using PEAP and have a HA cert from digicert.  Everything seems to work fine if the user has an active SIM card and has internet access via AT&T (or whomever). BUT for the users that did not get a local sim, they have ZERO access to any network, and their authentication fails.  My assumption is that the BB devices are checking revocation lists for our cert, or something of that nature.  I have tried telling those devices without a valid sim to not check the cert, but they still fail.

     

    Radius fails on the password portion for invalid EAP type undetermined.

    Then authentication fails

    Aruba states: Reason Unspecified Failure

     

    Is there any way around this?  Has anyone else seen this issue?

     

    Thanks,

    Dan



  • 2.  RE: Blackberry 802.1x Question...

    Posted Apr 23, 2013 12:39 PM

    On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on?   I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.  

     



  • 3.  RE: Blackberry 802.1x Question...

    Posted Apr 23, 2013 12:44 PM

    @clembo wrote:

    On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on?   I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.  

     


    We have tried that, and they still fail with the OP messages in aruba controller and NPS.  We even tried changing all the <autos> to mschapv2, PEAP, and tried placing the subject for our cert.  It is very odd, and once you pop in a working SIM that gives them access to at&t or t-mobile, it will authenticate without an issue...  

     

    This is not a major issue, but I always try to figure out why something is failing so I can learn what works and how to make it work :)