Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

onboard Ubuntu and other Linux

This thread has been viewed 5 times

  • 1.  onboard Ubuntu and other Linux

    Posted Aug 28, 2017 06:43 AM
      |   view attached

    Hi guys,

     

    i've been testing to onboard linux Ubuntu 14, Ubuntu 16, and Linux Mint.

    other OS such and Windows, Android, etc already working fine.

     

    i have problem with those OSes, Ubuntu 14 can do the onboard fine until the onboard reconfigure device SSID to the EAP-TLS SSID but leaves error and unable to connect.

    onboard.JPG

    i also attach the logs of the access tracker.

    other Linux such us Ubuntu 16 and Linux Mint error at the end of quickconnect. is there a way instead using web enrollment? web enrollment generate a pkcs12 certificate and it's big trouble for normal user to connect manually.

     

     



  • 2.  RE: onboard Ubuntu and other Linux

    Posted Aug 28, 2017 06:59 AM

    sorry nevermind this.

    my mistake i chose the auth mehtod using OCSP enabled TLS.

    i use just TLS and it works fine.

     

    but i still not able to onboard Ubuntu 16 and other Linux.

    anyone has a workaround for this?

    if i use Ubuntu onboarding profile, the quickconnect ERROR on the last step configuring new network.



  • 3.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 05:27 AM

    I've got the same question, how would you best onboard a ubuntu 16 or other linux device ?



  • 4.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 05:34 AM

    pop-up the device categorization under onboard setting, when you use linux anything but ubuntu 14, choose other (dont choose ubuntu even if it is ubuntu 16). it will help you auto generate the certificate and download it.

    but you have to setup the network profile manually.



  • 5.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 08:02 AM

    Nice, had to activate this since it was not enabled in my case to choose.

    Anyway to get a pem-file instead of pkcs12 ? Had to convert the file with openssl, seems a hassle for the enduser.

     

    Then I had a bug in ubuntu with network manager, it wouldnt show my pem-files when browsing for privatekey file :D . Seems a common bug, but was a bit confused if I did something wrong first.

     

    Anyways it works now, bit of a hassle to convert from pkcs12 format...



  • 6.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 08:18 AM

    yes it was my problem too. user had to convert it one by one but i dont see any other option for now.

    Customer already happy enough it could auto generate a cert and download it. running the same command to convert it for every user was not a problem for them.



  • 7.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 08:22 AM

    Yeah, just build a instructionmanual and copy / paste a command should be allright for my customer too I guess.

     

    Thanks!

     

    Another question, do you know if this works for the device wired and wired ? I only see one mac-adress in onboard device list for my linux client, while seeing both wired and wireless for my windows devices.



  • 8.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 08:31 AM

    didnt use wired for this case but i'm gonna do a POC next week for wired auth. i will give my linux a try and let you know.



  • 9.  RE: onboard Ubuntu and other Linux

    Posted Oct 11, 2017 08:45 AM

    Awesome! Would be good to know since my customer is planning wired support.