New Contributor

macOS and Wireless - ClearPass

Situation

- Using Aruba ClearPass
  - Under macOS, the user would normally select the SSID
  - Enter their username and password
  - Accept the certificate, which is a generic cert, if that makes sense
- Deploying new MacBook Airs
- Have FileVault turned on
- Therefore need to turn off Automatic Login
  - This means the user logs in twice (once for FileVault and then the Network)
- I am getting hit-and-miss results when I reboot the computer and log on to the Mac (FileVault stage)
- Then am prompted with
  - WiFi Staff Network
  - Username
  - Password
- The user logs in
  - The wireless icon in the top right-hand corner of the screen is greyed out
  - After 10 / 20 seconds the user logs in
  - This part I am unable to get to work reliably

 

 

Sometimes the process does not work and once the user gets in they receive errors about failed home drive connections.

Other times the process works as it should.

 

Would any members mind sharing your configurations for Wireless for macOS / AD / etc?

- We do have an onsite Windows CA Server, but not using it at this stage for macOS

 

Any help would be greatly appreciated.

Moderator

Re: macOS and Wireless - ClearPass

Users should never be manually connecting to an SSID and entering their username and password. I'd highly recommend you enforce a password change and move to a managed supplicant (for managed devices) or onboarding flow (for unmanaged devices).



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

New Contributor

Re: macOS and Wireless - ClearPass

Hi,

Had our outside partner / contractor look into this and they needed to allow MAC auth for Mac Laptops.

This was done by adding AD Joined Macs to a newly created AD Security Group, which was then set up in ClearPass.

We did come up with a problem regarding AD Sync, which we have set to 10 hours, so this meant you would have to wait 10 hours after the device is Domain Joined and added to the Security Group.
To fix that portion of ClearPass, I temporarily change the AD cache from 36000 seconds to 60 seconds, add the device to the Security Group, wait over 60 seconds, and if successful I change it from 60 back to 36000.

 

 
