Posted on 12-18-2018 07:47 AM
Hi there, looking for some assistance.
Background: Using Macs that are NOT bound to AD, but use NoMAD to sync local user's account credentials to the domain and generate Kerberos tickets for authentication to domain resources. Tickets work properly to authenticate to domain shares, printers, etc. However, we use Aruba ClearPass for our wireless network, and cannot get Kerberos to authenticate. We have conferenced in both Aruba and Jamf for help but cannot get things working. We had Aruba show us how to enable Kerberos authentication to our domain, and also had Jamf show us how to correctly set up a config profile for connecting to our WPA-2 Enterprise network. Basically, with a valid kerb ticket generated, we try a config profile that is set to auto-join using EAP-PEAP and "Use Directory Authentication". The Mac never attempts to auto-join, and if we attempt to manually join the network, we receive a generic error about not being able to join. On the other end, ClearPass can see the attempts to authenticate, but gives errors about authentication via MSCHAPv2.
Not sure where to go from here. I'm wondering if anyone here uses ClearPass and is attempting to perform the same thing we are and knows how to do it. I'd appreciate any help. Thanks!
Posted on 12-20-2018 06:09 AM
Bump
Posted on 12-20-2018 07:18 AM
My two cents. Find another solution. My Aruba issue never got resolved:
https://www.jamf.com/jamf-nation/discussions/24662/how-to-customize-what-gets-inventory-for-primary-mac-address-and-secondary-mac-address
I had Apple Enterprise Support, JAMF support and Aruba support all working on it. Apple and JAMF helped me find the solution but Aruba would not implement the solution.
Posted on 04-11-2019 07:06 PM
Hey, so we sound like we are going to be in the same boat with these issues. We are thinking of moving to ClearPass for our network auth control. Did you get this issue sorted?
We currently have this issue with our PC devices not auth'ing without manually configuring the profile (physically per computer), but don't want to get the same issues when moving to ClearPass soon.