Security

Reply
New Contributor

Wifi authentication problem: with android and windows 7 clients

I have deployed aruba instant + clearpass policy manager on our environment. The clearpass policy manager has been configured radius service, and integrated with existing windows AD. The clients will authenticate with their AD account every time when they connect to the wifi network.


I found that on IOS devices, the client can connect to wifi by just entering their AD credentials. But for android and windows 7 clients, I need to create wifi profile manually on their devices, specifying the auth medod (e.g. EAP-PEAP)and no CA validation. Is there any configuration available on aruba instant or clearpass that I can change so that it can avoid creating Wifi profile on android and windows 7 clients, and connect to wifi network directly just like IOS device does? Thanks.

Guru Elite

Re: Wifi authentication problem: with android and windows 7 clients

You should deploy ClearPass Onboard.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: Wifi authentication problem: with android and windows 7 clients

Hi Tim,

 

Thanks very much for your reply. As I know Clearpass onboard provides a same web portal login for clients which guides them to connect to Wifi network, no matter what types of devices they are using. However, our environment must allow users connecting to wifi by just entering their AD credentials, with no other options and web portal login is involved. May I confirm that deploying Clearpass onboard can handle our situation? Thanks.

MVP Guru

Re: Wifi authentication problem: with android and windows 7 clients

No, it doesn't and it is a bad idea to use AD credentials (PEAP-MSCHAPv2) in such a situation as the MSCHAPv2 protocol is cracked. Onboard deploys a device unique certificate to overcome that issue.

 

To understand why client configuration takes so much effort, check this post for some more background.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Guru Elite

Re: Wifi authentication problem: with android and windows 7 clients

So it sounds like the security of your user’s credentials is not important to your organization?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Wifi authentication problem: with android and windows 7 clients

@timcappalli  First off Go Pats, Fellow Bostonian here at a company your would be familiar with.  

 

I don't want to derail this thread but we recently hired a consultant for are CPPM deyployment in support of our wireless initiative.  We were directed to go with EAP-PEAP as opposed to EAP-TLS because the organization was not in a position to manage a PKI.  I'm now concerned because we would be using MSCHAPv2 authenticating our users via AD.  Is the onboard feature a PKI solution?

 

If you could point me to any documentation that would offer clarity it would be greatly appreciated. 

Guru Elite

Re: Wifi authentication problem: with android and windows 7 clients

While Onboard does use a PKI, it is not something you have to micromanage like a traditional PKI. You can have ClearPass Onboard configured in less than half hour.

 

I would recommend reaching out to your Aruba or partner team to discuss a design.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: