Security

Reply
Highlighted
New Contributor

Wifi authentication problem: with android and windows 7 clients

I have deployed aruba instant + clearpass policy manager on our environment. The clearpass policy manager has been configured radius service, and integrated with existing windows AD. The clients will authenticate with their AD account every time when they connect to the wifi network.


I found that on IOS devices, the client can connect to wifi by just entering their AD credentials. But for android and windows 7 clients, I need to create wifi profile manually on their devices, specifying the auth medod (e.g. EAP-PEAP)and no CA validation. Is there any configuration available on aruba instant or clearpass that I can change so that it can avoid creating Wifi profile on android and windows 7 clients, and connect to wifi network directly just like IOS device does? Thanks.

Highlighted
Moderator

Re: Wifi authentication problem: with android and windows 7 clients

You should deploy ClearPass Onboard.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
New Contributor

Re: Wifi authentication problem: with android and windows 7 clients

Hi Tim,

 

Thanks very much for your reply. As I know Clearpass onboard provides a same web portal login for clients which guides them to connect to Wifi network, no matter what types of devices they are using. However, our environment must allow users connecting to wifi by just entering their AD credentials, with no other options and web portal login is involved. May I confirm that deploying Clearpass onboard can handle our situation? Thanks.

Highlighted
MVP Guru

Re: Wifi authentication problem: with android and windows 7 clients

No, it doesn't and it is a bad idea to use AD credentials (PEAP-MSCHAPv2) in such a situation as the MSCHAPv2 protocol is cracked. Onboard deploys a device unique certificate to overcome that issue.

 

To understand why client configuration takes so much effort, check this post for some more background.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Moderator

Re: Wifi authentication problem: with android and windows 7 clients

So it sounds like the security of your user’s credentials is not important to your organization?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: Wifi authentication problem: with android and windows 7 clients

@timcappalli  First off Go Pats, Fellow Bostonian here at a company your would be familiar with.  

 

I don't want to derail this thread but we recently hired a consultant for are CPPM deyployment in support of our wireless initiative.  We were directed to go with EAP-PEAP as opposed to EAP-TLS because the organization was not in a position to manage a PKI.  I'm now concerned because we would be using MSCHAPv2 authenticating our users via AD.  Is the onboard feature a PKI solution?

 

If you could point me to any documentation that would offer clarity it would be greatly appreciated. 

Highlighted
Moderator

Re: Wifi authentication problem: with android and windows 7 clients

While Onboard does use a PKI, it is not something you have to micromanage like a traditional PKI. You can have ClearPass Onboard configured in less than half hour.

 

I would recommend reaching out to your Aruba or partner team to discuss a design.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: