Hi there, looking for some assistance.

Background: Using Macs that are NOT bound to AD, but use NoMAD to sync local user's account credentials to the domain and generate kerberos tickets for authentication to domain resources. Tickets work properly to authenticate to domain shares, printers, etc. However, we use Aruba ClearPass for our wireless network, and cannot get Kerberos to authenticate. We have conferenced in both Aruba and Jamf for help but cannot get things working. We had Aruba show us how to enable Kerberos authentication to our domain, and also had Jamf show us how to correctly set up a config profile for connecting to our WPA-2 Enterprise network. Basically, with a valid kerb ticket generated, we try a config profile that is set to auto-join using EAP-PEAP and "Use Directory Authentication". The Mac never attempts to auto-join, and if we attempt to manually join the network, we receive a generic error about not being able to join. On the other end, ClearPass can see the attempts to authenticate, but gives errors about authentication via MSCHAPv2.

Not sure where to go from here. I'm wondering if anyone here uses ClearPass and is attempting to perform the same thing we are and knows how to do it. I'd appreciate any help. Thanks!