We have ClearPass 6.7.9 and I have completed around 90% of the configuration but I can't get the user authentication working. We want to have a single SSID with EAP-TLS utilising an internal CA for domain computers and PEAP MSCHAPv2 utilising a public CA certificate for non-domain computers.
We have the computer authentication using the same internal CA working perfectly.
We imported the COMODO certificate into ClearPass but in the (user authentication) service there is only a single drop-down menu to select the certificate. How do I specify that the internal CA certificate should be used for EAP-TLS and the COMODO certificate should be used for PEAP MSCHAPv2?
If I create two user authentication services (one for EAP-TLS and one for PEAP MSCHAPv2) the user authentication request is always matched against the first service - EAP-TLS in our testing. The authentication request for non-domain computers utilising PEAP MSCHAPv2 would then be rejected with "EAP: Client doesn't support configured EAP methods". I can't use the "Authentication:OuterMethod" attribute to separate the requests as it is always "EAP".
Any assistance would be greatly appreciated.