Security

 View Only
  • 1.  802.1x and Certificate on Aruba 505.

    Posted Dec 04, 2024 05:03 PM

    Hello All and Thank you in advance for your help. 

    I have a windows radius server up and running and working with 802.1x windows logins.  I am trying to add a certificate too so the user has to have both.  On the radius server, I added in EAP Types smart card or other certificate. Under EAP Types is there a certain order they need to be in to get the windows user authentication and then look for the certificate that I have?



  • 2.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 04, 2024 05:06 PM

    Are you looking to have both user (with user certificate) and computer (with computer certificate) authenticated with Microsoft NPS?

    I don't think that is possible with NPS. You may have a look at TEAP for dual authentication, but don't know if NPS supports that.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 04, 2024 05:14 PM

    No.  The user would login with their windows credentials, and the certificate would be installed on the PC.




  • 4.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 10, 2024 02:32 PM

    bump




  • 5.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 10, 2024 03:03 PM

    You haven't clarified your ask.  Are you wanting EAP-TLS or EAP-PEAP/MS-CHAPv2?  Are you wanting user authentication, computer authentication, or both?  What certificate are you installing?

    There are a bunch of guides available on the Internet for how to configure 802.1X support on a Windows client.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 6.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 10, 2024 03:10 PM

    I would like to do computer auth.  I have the 802.1x  working.  I have a certificate from my AD Root CA.  




  • 7.  RE: 802.1x and Certificate on Aruba 505.

    Posted Dec 10, 2024 04:01 PM

    Your best option is going to be using GPO to push the required configuration and force certificate enrollment.

    https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles?tabs=netsh-wifi%2Cpowershell-vpn%2Csettings-wifi%2Cgroup-policy-wifi



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------