Security

 View Only
Expand all | Collapse all

ClearPass Policy Manager 6.12.1 with TEAP Method

This thread has been viewed 58 times
  • 1.  ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 20, 2024 02:56 PM

    Hello Guys, I would like to some guidance in implementing EAP- Teap Method. 

    I have seen a lot of threads concerning TEAP method but so far nothing seem helpful. I have followed this guide:

    But my problem is that the before the user login the computer is authenticated correctly but after the user login the TEAP method does not fall over the second method. 

    I have to disconnect and rejoin the network for fall back to method 2. 

    I have tried a lot of things but nothing seems to work.

    Any help would me appreciated. 



  • 2.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 02:22 AM
    Edited by Piotras Mar 21, 2024 02:22 AM

    Hi

    Do you have configured option "user or computer authentication" in advanced settings of 802.1x windows supplicant ?

    How do you configure supplicant ? Manual or GPO ?

    If you can share screenshot from configuration supplicant.

    Regards

    Piotr Filip 



    ------------------------------
    Piotr Filip

    ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
    ------------------------------



  • 3.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 09:28 AM

    Hi, 

    Yes, I have the option  "user or computer authentication" in advanced settings of 802.1x windows supplicant chosen.

    I am using Intune plug-in for Authentication since I can't use Azure AD. 

    I can also share my config from the set-up I did in the clearnpass. I have followed the documentation that I have found online.




  • 4.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 09:34 AM

    Forgot to mention. At the login screen, when you join the network, the machine auth works perfectly. But as soon as the user login you have to disconnect and reconnect the wifi for the user Auth to appear. 

    It works fine the opposite way when the user sign-out, the machine takes place which is the expected behavior. I am just trying to get around from disconnecting and reconnecting to the wifi every time as we have machine that we loaned to users.




  • 5.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 09:45 AM

    What method do you use for computer and user ? 

    Do you have managed computer by Azure AD ? It change GINA login to SAML.

    Regards

    Piotr Filip 



    ------------------------------
    Piotr Filip

    ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
    ------------------------------



  • 6.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 09:56 AM

    Yes, we manage all of our windows computers in Azure.

    I am not sure what you meant by which method do I use form computer and user? Do you mind explaining further.

    Oumar 




  • 7.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 10:36 AM

    In supplicant you have button settings on right from configuration TEAP. Can you do screenshot from this ?

    Regards



    ------------------------------
    Piotr Filip

    ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
    ------------------------------



  • 8.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 21, 2024 10:40 AM
      |   view attached

    Yes, here it is.




  • 9.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 22, 2024 09:35 AM

    Everything looks good.

    I see that you use the certificate for both authentication. Do you have many certificate for user ? When you manually reconnect, do you have a choice of certificate ?

    If yes, you need to configure EAP-TLS which is inside TEAP.

    Regards

    Piotr Filip 



    ------------------------------
    Piotr Filip

    ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
    ------------------------------



  • 10.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 22, 2024 10:40 AM

    I am only using one cert of the user and one cert for the machine.

    When I disconnect and reconnect, it works as expected. I don't have to choose between cert.




  • 11.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 25, 2024 06:42 AM

    Everything looks fine and it's strange that there is a problem.

    Can you send the log from Access Tracker? You should have 3 logs:
    1. Computer authentication
    2. Computer authentication and user authentication error
    3. Correct authentication of the computer and the device after manual connection.

    Take screenshots and export logs for these 3 cases.

    Regards



    ------------------------------
    Piotr Filip

    ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
    ------------------------------



  • 12.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Mar 25, 2024 09:52 AM

    Thank You so much for your help @Piotras. It turns out that the network that I used to natively joined the computer was affecting the computer.

    After I forgot it, it worked as expected. It was definitely a window side. 




  • 13.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Apr 20, 2024 02:24 PM

    Hi.  We are looking to upgrade from PEAP to TEAP for our wireless as well and as you mentioned Entra ID is not supported.  I wonder if you can share your service/rule setup such as Authentication, Authorization, Roles, and Enforcement.  Thanks.




  • 14.  RE: ClearPass Policy Manager 6.12.1 with TEAP Method

    Posted Apr 24, 2024 12:57 PM

    Not sure where you read that Entra ID is not supported for TEAP. Entra ID tries to get you away from password authentication, and basically the only authentication method possible is TLS with client certificates, do EAP-TLS or TEAP with EAP-TLS as inner methods.

    For TEAP, the TEAP Configuration guide should get you started. Integration with Entra ID is very similar for EAP-TLS and TEAP.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------