Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Blackberry 802.1x Question...

  • 1.  Blackberry 802.1x Question...

    Posted Apr 23, 2013 11:50 AM

    Ok so we had some visitors from South Africa on our campus, and most had BlackBerry Curve devices.  We have our RADIUS server set up using PEAP and have a HA cert from DigiCert.  Everything seems to work fine if the user has an active SIM card and has internet access via AT&T (or whomever). BUT for the users that did not get a local SIM, they have ZERO access to any network, and their authentication fails.  My assumption is that the BB devices are checking revocation lists for our cert, or something of that nature.  I have tried telling those devices without a valid SIM to not check the cert, but they still fail.

     

    RADIUS fails on the password portion for invalid EAP type undetermined.

    Then authentication fails

    Aruba states: Reason Unspecified Failure

     

    Is there any way around this?  Has anyone else seen this issue?

     

    Thanks,

    Dan



  • 2.  RE: Blackberry 802.1x Question...

    Posted Apr 23, 2013 12:39 PM

    On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on?   I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.  

     



  • 3.  RE: Blackberry 802.1x Question...

    Posted Apr 23, 2013 12:44 PM

    @clembo wrote:

    On those devices failing, can you select the check box for Disable certificate validation to see if they are able to get on?   I can't say for certain, but it sounds as though those devices without the SIM card may not have the appropriate CA trust list to include your certificate.  

     


    We have tried that, and they still fail with the OP messages in the Aruba controller and NPS.  We even tried changing all the <autos> to MSCHAPv2, PEAP, and tried placing the subject for our cert.  It is very odd, and once you pop in a working SIM that gives them access to AT&T or T-Mobile, it will authenticate without an issue...

     

    This is not a major issue, but I always try to figure out why something is failing so I can learn what works and how to make it work :)