Wireless Water Cooler

last person joined: 8 days ago 

Hang out and socialize with other community members in this off topic forum. Everything from industry trends to hobbies and interests are welcomed!
Back to discussions
Expand all | Collapse all

Is it possible to setup authentication to require both valid credentials and a user certificate

This thread has been viewed 0 times

  • 1.  Is it possible to setup authentication to require both valid credentials and a user certificate

    Posted May 22, 2015 01:48 PM

    We are trying to setup authentication to wireless, so that you must have a valid user certificate, as well as valid user credentials to authenticate. Our thought is can we have the controllers terminate the certificate authentication and if successful, pass the username and password provided to the NPS for authentication as well? has anyone setup something like this before?

     

    Thanks



  • 2.  RE: Is it possible to setup authentication to require both valid credentials and a user certificate

    EMPLOYEE
    Posted May 22, 2015 03:27 PM

    What about a machine cert + user creds.  Clearpass would help with this process immensely!

     

    Outside of that, why is the valid cert not good enough wrt security?



  • 3.  RE: Is it possible to setup authentication to require both valid credentials and a user certificate

    Posted May 22, 2015 06:00 PM

    Thanks for the reply, using a machine cert and creds would definitely work. This question was asked by my management staff as they feel using just a certificate wont be secure enough, so I just need to get all my options together and show them the best scenario I can. I like the idea of using clearpass, im just unsure I can get the funds to purchase it and am hoping I can do something with the current infrastructure



  • 4.  RE: Is it possible to setup authentication to require both valid credentials and a user certificate
    Best Answer

    EMPLOYEE
    Posted May 22, 2015 09:09 PM

    Wireless can only have  a single EAP type, so no.  You can authenticate via user certificate and then redirect to a captive portal to accept a username and password, but the question is...why would you?  It is probably too complicated for your clients.

     

    If an organization thinks that certificates are not enough, they should visit an organization that uses certificates to get a sense of how it works with a general population.

     



  • 5.  RE: Is it possible to setup authentication to require both valid credentials and a user certificate

    Posted May 25, 2015 08:10 AM
    If you have a third party radius server, like Juniper's IC 6500, you can have it check their certificate first, the go into AD via LDAP and have the user provide their AD password or PIN.


  • 6.  RE: Is it possible to setup authentication to require both valid credentials and a user certificate

    EMPLOYEE
    Posted May 25, 2015 05:00 PM
    wayne.cmiles@gmail.com wrote:
    If you have a third party radius server, like Juniper's IC 6500, you can have it check their certificate first, the go into AD via LDAP and have the user provide their AD password or PIN.

    wyane.cmiles@gmail.com,

     

    Does that also require a custom supplicant to enforce that action?