Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Windows Authentication Issue

This thread has been viewed 2 times

  • 1.  Windows Authentication Issue

    Posted Mar 22, 2018 07:28 PM

    Hi All,

    very new to Aruba/clearpass side of things.

    Having issue when connecting to our PoC wifi.

     

    i am on win 10 and when i try to connect to the wifi with DOMAINNAME\username it fails(this is prefilled with a tickbox when you connect to wifi) but when i manually type in domainname\username it accepts it.

    Error in clearpass says TLS session error and unknow CA.

    Currently since we are in trial period we dont have a cert but it baffles me that it accepts lower case domain name and not upper case.

     

    uppercase domain name is pre-filled and i would rather have that so users dont type in creds manually.

    Can someone help me out.



  • 2.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 07:35 PM

    Your windows do not trust the certificate authority.

     

    The PC you are using to connect to this SSID needs to trust your CA.



  • 3.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 07:37 PM

    but its a domain machine which connects to our exisitng wifi.

    i have all the necessary certs for current infrastructure.

     

    whats the difference between me typing domain name and computer pre-populating the info.



  • 4.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 07:42 PM

    Ok.. If the computer is domain joined, can you please make sure ClearPass is also part of the domain & has the CA cert added to the trust list. .

     

    Also, try striping username:

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/What-is-quot-Strip-Username-Rules-quot-on-CPPM-and-how-to-use-it/ta-p/173504

     

    The unknown CA error is usually when your machine is not trusting the CA.

     



  • 5.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 08:18 PM

    stripped rules did not work still get the same error.

     



  • 6.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 08:21 PM

    And ClearPass has joined the domain & has CA cert added to the trust list?

    Can you share auth logs from CPPM for the request that is being denied.



  • 7.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 09:01 PM

    Hi Jay,

     

    like i mentioned cert has not been added.

    but i am still unclear the difference between a manual entry and pre-filled information.

    why it fails in the latter but not the former



  • 8.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 09:14 PM

    We are talking about two different types of auth here.

     

    Your authentication is failing because Windows is trying to use EAP-TLS by default & ClearPass do not trust your CA.

     

    When youa re entering credentials manually  you are using EAP-PEAP & the certificate installed on your machine will not be used for authentication anymore.



  • 9.  RE: Windows Authentication Issue

    Posted Mar 22, 2018 10:26 PM

    that makes sense.

    i will try to get a cert then