Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

peap enforce certificate

This thread has been viewed 3 times

  • 1.  peap enforce certificate

    Posted Dec 22, 2015 11:54 PM
    HI
    I have setup PEAP authentication with server certificate. The NPS server is used for radius authentication clients are working fine with or without server certificate verification.
     
    how could i enforce that client should verify the server certificate otherwise the wireless not authenticated..


  • 2.  RE: peap enforce certificate

    EMPLOYEE
    Posted Dec 22, 2015 11:56 PM
    This is a client setting. You cannot force it from the radius server side unless you have control over the client via group policy, MDM, etc.

    Sent from Nine


  • 3.  RE: peap enforce certificate

    EMPLOYEE
    Posted Dec 23, 2015 03:58 AM
    Assuming that your clients are, in the majority, Windows clients, then you can enforce this in their Windows domain user profile. For iOS I think that anything after Mac iOS 7 actually forces the trust chain to be checked by default. I have had a customer case with iOS 8, the CA was corporate and not checked by default by iOS, hence authentication failed.

    Either way, these are client settings and not really enforceable from the network side.


  • 4.  RE: peap enforce certificate

    EMPLOYEE
    Posted Dec 24, 2015 07:44 AM

    I've moved this topic to the AAA, NAC, Guest Acces & BYOD board, as it was clearly not in Spanish :)

     

    Merry Christmas!



  • 5.  RE: peap enforce certificate

    Posted Jan 03, 2016 11:09 AM

    thank you! 

    in another way , can i limited to only  join the domain computer can access the wireless networks no use machine authentication?



  • 6.  RE: peap enforce certificate

    EMPLOYEE
    Posted Jan 03, 2016 11:11 AM
    Machine authentication is the method you use to limit to only domain machines.

    Sent from Nine


  • 7.  RE: peap enforce certificate

    Posted Jan 03, 2016 11:21 AM

    is there another way to  accomplish exclude machine authentication ?



  • 8.  RE: peap enforce certificate

    EMPLOYEE
    Posted Jan 03, 2016 11:25 AM
    You can issue certs to the devices. Why don't you want to use machine authentication?

    Sent from Nine


  • 9.  RE: peap enforce certificate

    Posted Jan 03, 2016 11:33 AM

    Using certificates to device too complex,machine authentication  is not easy to management。it seems only use machine authentication

     

    thanks

     

     



  • 10.  RE: peap enforce certificate

    EMPLOYEE
    Posted Jan 03, 2016 11:35 AM
    Machine authentication is very easy via group policy.

    Sent from Nine