802.1X auto-join authentication with NoMAD

joelsenders
New Contributor III

Hi there, looking for some assistance.

Background: Using Macs that are NOT bound to AD, but use NoMAD to sync local user's account credentials to the domain and generate Kerberos tickets for authentication to domain resources. Tickets work properly to authenticate to domain shares, printers, etc. However, we use Aruba ClearPass for our wireless network, and cannot get Kerberos to authenticate. We have conferenced in both Aruba and Jamf for help but cannot get things working. We had Aruba show us how to enable Kerberos authentication to our domain, and also had Jamf show us how to correctly set up a config profile for connecting to our WPA-2 Enterprise network. Basically, with a valid kerb ticket generated, we try a config profile that is set to auto-join using EAP-PEAP and "Use Directory Authentication". The Mac never attempts to auto-join, and if we attempt to manually join the network, we receive a generic error about not being able to join. On the other end, ClearPass can see the attempts to authenticate, but gives errors about authentication via MSCHAPv2.

Not sure where to go from here. I'm wondering if anyone here uses ClearPass and is attempting to perform the same thing we are and knows how to do it. I'd appreciate any help. Thanks!

3 REPLIES

joelsenders
New Contributor III

Bump

mistacabbage
Contributor

My two cents. Find another solution. My Aruba issue never got resolved:

https://www.jamf.com/jamf-nation/discussions/24662/how-to-customize-what-gets-inventory-for-primary-mac-address-and-secondary-mac-address

I had Apple Enterprise Support, JAMF support and Aruba support all working on it. Apple and JAMF helped me find the solution but Aruba would not implement the solution.

jonathan_mcc
New Contributor III

Hey, so we sound like we are going to be in the same boat with these issues. We are thinking of moving to ClearPass for our network auth control. Did you get this issue sorted?

We currently have this issue with our PC devices not auth'ing without manually configuring the profile (physically per computer), but don't want to get the same issues when moving to ClearPass soon.