Occasional Contributor II

Macbook issues

Not sure how to describe this, but I have several mac clients successfully authenticating via 802.1x (eap-mschapv2), but not getting an IP address because they are not seeing or recognizing the Versign Certificate I installed on the Aruba Controllers. I verified the certificate and its good. Once I configure the 802.1x supplicant to manually accept the certificate then they get an IP. I have a Master/Local setup and terminate authentication on the Master. XP, Vista, and Win 7 don't seem to experience this, but some Macbook's do, OSX 10.5 or 10.6 – Also wanted to say that not all Macbooks experience this. Has anyone else experience this? Am I missing a setting either on the controllers or supplicant?

One more thing to add; Macbooks that are successfully authenticating and terminating on the controllers – the accept the certificate window pops up, but not on the ones that don't.

Any advise or help any of you can provide is greatly appreciated!

Re: Macbook issues

Any chance you're having the same issue discussed in this thread?
Jon Green, ACMX, CISSP, CISM, and a bunch of other acronyms
Aruba Security CTO
Occasional Contributor II

Re: Macbook issues

Yes and thanks!!
Guru Elite


The users that have the problem, do the certificates Appear in the Keychain application and is their status trusted or not? The ones that have the problem, see if they key was added to the chain but the user accidentally clicked on never trust by accident.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Occasional Contributor II

Re: Macbook issues

The certificates are in key chain and are trusted. One way I am able to get around this is by editing locations and adding a new one specific to our location. Then the MacBook reconnects again. I assuming the "automatic" profile gets corrupt.

Thanks Colin!