macOS is strict with regard to self-signed and expired certificates. Please
check there.

On Wed, Nov 15, 2017 at 5:48 PM, Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Weird.  We are having problems with it and our Aruba wireless using
> FreeRADIUS.
>
>
> On Wednesday, November 15, 2017 10:48 AM, Michael Plemmons via
> FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> I do not remember having to update any SSL certs. I am upgraded to
> High Sierra and have not had any problems with certs.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer <andrewm...@yahoo.com>
> wrote:
>
> For the newer MacBooks (High Sierra), how did you get around the TLS 1.2
> requirement? Did you generate an SSL cert and publish that to the RADIUS
> server?
>
>
>
> On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> We have a range of OS X versions from 10.10 and newer. Our RADIUS server
> (running FreeRADIUS on Linux) is using FreeIPA for the authentication via
> LDAP. Our WiFi access point is configured to talk to the RADIUS server
> for authentication.
>
>
> On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer <andrewm...@yahoo.com>
> wrote:
>
> Michael,
> What version of Mac OS X are your MacBooks running? 10.12.5+?
>
> You are using Windows Server for RADIUS auth, correct?
>
>
> On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> Our entire office is MacBooks.
>
>
> On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer <andrewm...@yahoo.com>
> wrote:
>
> Do you have any MacBook users?
>
>
> On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> In order for us to make it work, I had to set up a RADIUS (FreeRADIUS)
> server which uses FreeIPA as its backend. Our WiFi access point is
> configured to point to the RADIUS server. I had to make sure the AD trust
> package was installed on the FreeIPA server in order for the proper
> security features to work. We do not have SSL certs on our machine.
>
>
> On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> So I was wondering if anyone has FreeIPA set up to do authentication with
> wireless. We have an ArubaNetworks platform set up to do EAP-PEAP only,
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system. I
> don't know if I will have to put the password in again; I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually). We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password. It gets added to the keychain but when I shut down for the
> night and come back in the next day it asks for the password again.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines. I don't want to create and enroll an SSL
> cert for EACH user. I would like to get a system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like an ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>


-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
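
The check suggested at the top of this message, written out as a shell example that is added here and is not part of the original thread: it reports whether the certificate the RADIUS server uses for EAP-PEAP is self-issued, expired, or close to expiry. The default path `/etc/raddb/certs/server.pem` is an assumption (the FreeRADIUS location on RHEL-family systems), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the server certificate a RADIUS server presents in EAP-PEAP.
# CERT is an assumed path; point it at the certificate your server is configured with.
CERT="${CERT:-/etc/raddb/certs/server.pem}"

# cert_is_self_signed FILE -> status 0 when subject and issuer are identical.
# This detects a self-issued certificate; it does not verify the signature.
cert_is_self_signed() {
    _subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    _iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$_subj" ] && [ "$_subj" = "$_iss" ]
}

# cert_expires_within FILE DAYS -> status 0 when the certificate is expired
# or will expire within DAYS days (DAYS=0 means "expired right now").
# An unreadable or unparsable file also counts as expiring, so the check fails closed.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit_cert FILE [DAYS] -> 0 clean, 1 warning, 2 expired, 3 unreadable file.
audit_cert() {
    _file=$1
    _days=${2:-30}
    _rc=0
    [ -r "$_file" ] || { echo "cannot read $_file" >&2; return 3; }
    openssl x509 -in "$_file" -noout -subject -issuer -enddate
    if cert_is_self_signed "$_file"; then
        echo "WARN: self-signed; clients will not trust it unless it is explicitly installed as trusted"
        _rc=1
    fi
    if cert_expires_within "$_file" 0; then
        echo "FAIL: certificate has expired"
        _rc=2
    elif cert_expires_within "$_file" "$_days"; then
        echo "WARN: certificate expires within $_days days"
        _rc=1
    fi
    return "$_rc"
}

# Run against the server certificate when it is present on this host.
if [ -r "$CERT" ]; then
    audit_cert "$CERT" 30 || echo "audit status: $?"
fi
```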