Security

Reply
Contributor I

Re: Clearpass Authentication TimeOut

Hi,

 

certificate path: when i do a doubleclick on my local certificate, i see my (issued by )intermediate Certificate, and this comes from our ROOT CA.

 

Hope you understand me. My english is not the best.

 

Thx

Salvatore

Guru Elite

Re: Clearpass Authentication TimeOut

I understand.  Try configuring your client with "Validate Server Certificate" unchecked and see if your client can authenticate.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Clearpass Authentication TimeOut

if i uncheck "Validate Server Certificate" i had still connection to the wifi. the client use EAP-PEAP.

Monitor Live Tracking: Authentication Method: EAP-PEAP,EAP-MSCHAPv2.

 

When i check "Validate Server Certificate" i receive EAP-PEAP,EAP-TLS.

 

My goal is that all employees when their comes to work, all Devices automatically connect to the WiFi via Certificate.

 

I tried to remove the EAP-PEAP on clearpass authentication Method, but unfortunately i had no connection to WiFi.

 

Thx

Salvatore

Contributor I

Re: Clearpass Authentication TimeOut

Good morning,

 

new situation: now my authentication with my certificate works.

Settings Clearpass: Authentication Method = EAP-TLS

Windows 7 client: Microsoft smartcard or other Certification

 

When i keep it so this settings, my Client will automatically connect to the WiFi.

But i receive a new failure message on access Tracker: Client does not support configured EAP methods

 

Our client must simultaneously build up an authentication to the AD.

If i add in the authentication Method: EAP-PEAP. Everything works fine too, but then i have 2 new Problems:

  1. i receive an Timeout message: Client did not complete EAP transaction
  2. big problem: now no matter wich settings i have on my client, he always gets an connection.

and that should not happen. He must verify first if my client have an valid certificate and then in the second step authenticate with my AD.

 

Someone have any idea ??

Maybe i have forgett to configure something on clearpass ?

 

Thx

Salvatore

MVP Guru

Re: Clearpass Authentication TimeOut

A couple suggestions:

- Are you using Microsoft CA as your Root CA to generate the unique certs ? If so , are you using machine and user cert or just machine ?
- also if you are not using a third party cert in ClearPass make sure you import it into certificates store or send through a GPO to your wireless clients
- Make sure that Microsoft Root CA has been added to the cert trusted list in ClearPass
- The wireless profile for the SSID needs to be set to use Smartcard or certificate manually , if you are only using Computer cert then just enable Computer auth instead user or computer
- in ClearPass then you need to allow EAP-TLS as a authentication method and use AD as authentication source
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: Clearpass Authentication TimeOut

Hi,

 

we have a corporate certificate.

 

  1. machine certificate on the clients
  2. certificate installed on clearpass
  3. and added to the trustet list.

If i configured as you described, EAP_TLS and source is AD it works. But then i receive following error messages: Radius -> EAP: Client doesn't support configured EAP methods

 

Clients settings: I have set Smartcard or certificate manually and i  only use computer auth.

 

thx

Salvatore

 

MVP Guru

Re: Clearpass Authentication TimeOut

Have you tried updating the drivers or another machine?

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: Clearpass Authentication TimeOut

Hi,

 

yes i have 2 or 3 Laptops to tests the WiFi connection. Network adapter driver have the latest update.

But another question:

  • is there any settings to do for authentication sequence ?
  • like if a client certificate exists and is valid (EAP_TLS) then
    • authenticate with AD
  • if not you reject.

Or which settings must be set on Clearpass ? Can i do this with enforcement ?

 

Thx

Salvatore

Contributor I

Re: Clearpass Authentication TimeOut

Hi,

everythings works now. I must uncheck under Configuration -> Services -> Authentication -> Authentication Methods = EAP_TLS -> uncheck = Authentication required.

 

Now i got certificate access without EAP Timeouts.

 

Thx for help.

 

 

TJ
Occasional Contributor I

Re: Clearpass Authentication TimeOut

Hi, all we are also getting EAP timeouts.  What was the fix for this issue?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: