FreeRADIUS + FreeIPA + Aruba 7005 controller
12-07-2017 08:26 PM - edited 12-07-2017 08:31 PM
We are trying to migrate from OepnLDAP to FreeIPA. My company uses all MacBooks. Anything from El capitan to (hopefully) High Sierra. However it looks like in order to wireless authentication we need to set up a RADIUS server. So I implemented FreeRADIUS. I was able to configure it using EAP+TTLS so that I wouldn't have to generate/put certificates on every machine. However when I copnfigure this and connect the Aruba controller to it I am able to connect using my mobile devices (Apple and Android 6,7).
Also the code on the Aruba controller is 22.214.171.124.
I have tuned on EAP+TLS and i'm not sure why, but 50% I get my mobile devices to work the rest I can get the Laptops to work. Has anyone else run into this issue? Does anyone have a similar setup?
We have our current 802.1X profile setup to auth directly against OpenLDAP, which ISN'T a deal breaker, but I would like to make this work with FreeRADIUS just in case.
Re: FreeRADIUS + FreeIPA + Aruba 7005 controller
12-11-2017 04:50 AM
I've never configured EAP-TLS on Freeradius but I expect you will need to change the default EAP type in the EAP module and then comment any EAP methods that you don't want to use.
First thing to do is to run Freeradius in debug mode to see what is going on, if you have EAP-TLS set as you default EAP type and you are still able to authenticate with a device that has no cert, have a look at the debug output and comment out the EAP type that it is using. In your case if you want to enforce EAP-TLS, you will probably need to comment out the PEAP section.