Controllerless Networks


Aruba Instant authentication using Certificates and LDAP

  • 1.  Aruba Instant authentication using Certificates and LDAP

    EMPLOYEE
    Posted Mar 28, 2017 09:45 AM

    Hi,

     

    I have a customer who has 10 205 APs working as instant, having one operating as Master and the others connected to it. They want to have the following setup:

    - user laptops should connect to the corporate SSID and authenticate using a certificate installed into the laptop and then use the LDAP (Microsoft Active Directory) credentials.

     

    They want to have both together, so as to prevent any third-party laptops from connecting to this SSID by just using the LDAP credentials of a user.

     

    I have connected the AP with the LDAP server and LDAP authentication works just fine. My question is, is it possible to have an issued certificate installed into the laptop, have the laptop use this certificate to authenticate and then prompt for username and password, requiring the domain credentials?

     

    Thank you.

     

    Agelos



  • 2.  RE: Aruba Instant authentication using Certificates and LDAP

    EMPLOYEE
    Posted Mar 28, 2017 09:48 AM

    You need a radius server that supports EAP-TLS for that.



  • 3.  RE: Aruba Instant authentication using Certificates and LDAP

    EMPLOYEE
    Posted Mar 28, 2017 10:15 AM

    Hi Colin,

     

    Thanks for your quick response.

     

    I have a radius server which supports EAP-TLS. The problem is that I'm confused on how to set this up. I have created an SSID with security level set to Enterprise. The Key Management is set to WPA2-Enterprise, the Termination is enabled and the Authentication server is pointing to the LDAP server. What I understand is that the Authentication server should point to the Radius server and then the Radius server should ask LDAP to authenticate the user using the domain credentials. Is this right? If this is the case, how will I force a wireless user to have a specific certificate installed, before performing the LDAP authentication? Or is this done by the Radius?

     

    Sorry for all these questions. I just have to understand prior to moving on with the certificates. It would be great if you could state some points or a step by step process to follow.

     

    Thanks again for your effort on this.

     

    Agelos



  • 4.  RE: Aruba Instant authentication using Certificates and LDAP

    EMPLOYEE
    Posted Mar 28, 2017 10:21 AM

    The client needs to be configured to use a specific client certificate. The RADIUS server will have a policy that allows certificates issued from specific CAs to authenticate.
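
The CA trust decision described in the reply above, shown as an added example that is not part of the original thread. It uses `openssl verify` as a stand-in for the chain validation an EAP-TLS policy performs on the RADIUS server; the CA names, laptop names and files are all constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every name, subject and file below is made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT          # throwaway keys, removed when the script ends

# Minimal OpenSSL config so the CA certificates carry basicConstraints CA:TRUE.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: create a self-signed CA (key + certificate) called NAME.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client CA NAME: issue a client certificate for NAME signed by CA.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# radius_accepts NAME: succeed only if NAME's certificate chains to the
# corporate CA, i.e. the only issuer this policy is configured to trust.
radius_accepts() {
    openssl verify -CAfile "$WORK/corp-ca.pem" "$WORK/$1.pem" 2>/dev/null \
        | grep -q ': OK'
}

make_ca corp-ca                      # the CA the RADIUS policy trusts
make_ca other-ca                     # any CA outside that policy
issue_client corp-ca corp-laptop     # domain laptop enrolled by the corporate CA
issue_client other-ca guest-laptop   # third-party laptop with a foreign certificate

for host in corp-laptop guest-laptop; do
    if radius_accepts "$host"; then echo "$host: accept"; else echo "$host: reject"; fi
done
```

The check covers only the issuer of the certificate; revocation checking and any subject or template restrictions are separate policy settings on the RADIUS server.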



  • 5.  RE: Aruba Instant authentication using Certificates and LDAP

    Posted Mar 28, 2017 10:31 AM

    This should get you going on how to use the GPO cert autoenrollment option for Domain (Computers/Users) with ADCS:

    http://www.petenetlive.com/KB/Article/0000919 

     

    Note: If the customer already has the ADCS function in place you can ignore some of the initial steps



  • 6.  RE: Aruba Instant authentication using Certificates and LDAP

    Posted Dec 13, 2017 09:26 AM

    Hi Agelos
    What software are you working on?

    I am using IAP 6.4 and Active Directory 2012 but the LDAP authentication is not working.