[Freeipa-users] Re: FreeIPA & wireless

2017-11-24 Thread Maciej Drobniuch via FreeIPA-users
MacOSx is strict in regards to self-signed and expired certificates. Please
check there.

On Wed, Nov 15, 2017 at 5:48 PM, Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Weird.  We are having problems with it and our Aruba wireless using
> FreeRADIUS.
>
>
> On Wednesday, November 15, 2017 10:48 AM, Michael Plemmons via
> FreeIPA-users  wrote:
>
>
> I do not remember having to update any SSL certs. I am upgraded to
> High Sierra and have not had any problems with certs.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer 
> wrote:
>
> For the newer macbooks (High Sierra) how did you get around the TLS 1.2
> requirement?   Did you generate a SSL cert and publish that to the RADIUS
> server?
>
>
>
> On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> We have a range of OS X versions from 10.10 and newer.   Our RADIUS server
> (running FreeRadius on Linux) is using FreeIPA for the authentication via
> LDAP.   Our WiFi access point is configured to talk to the radius server
> for authentication.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer 
> wrote:
>
> Michael,
> What version of Mac OS X are your MacBooks running?   10.12.5+?
>
> You are using Windows Server for RADIUS auth correct?
>
>
> On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> Our entire office is Macbooks.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer 
> wrote:
>
> Do you have any MacBook users?
>
>
> On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> In order for us to make it work, I had to setup a RADIUS (FreeRadius)
> server which uses FreeIPA as its backend.   Our WiFi access point is
> configured to point to the RADIUS server.   I had to make sure the AD trust
> package was installed on the FreeIPA server in order for the proper
> security features to work.   We do not have SSL certs on our machine.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
> wrote:
>
> So I was wondering if anyone has FreeIPA setup to do authentication with
> wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system.   I
> don't know if I will have to put the password in again I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually).   We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password.   It gets added to the keychain but when I shutdown for the
> night and come back in the next day it asks for the password again the next
> day.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines.   I don't want to create and enroll an SSL
> cert for EACH user.   I would like to get system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like a ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org

[Freeipa-users] Re: FreeIPA & wireless

2017-11-15 Thread Andrew Meyer via FreeIPA-users
Weird.  We are having problems with it and our Aruba wireless using FreeRADIUS. 

On Wednesday, November 15, 2017 10:48 AM, Michael Plemmons via 
FreeIPA-users  wrote:
 

 I do not remember having to update any SSL certs.     I am upgraded to High 
Sierra and have not had any problems with certs.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer wrote:

For the newer macbooks (High Sierra) how did you get around the TLS 1.2 
requirement?   Did you generate a SSL cert and publish that to the RADIUS 
server?
 

On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 We have a range of OS X versions from 10.10 and newer.   Our RADIUS server 
(running FreeRadius on Linux) is using FreeIPA for the authentication via LDAP. 
  Our WiFi access point is configured to talk to the radius server for 
authentication.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer wrote:

Michael,
What version of Mac OS X are your MacBooks running?   10.12.5+?
You are using Windows Server for RADIUS auth correct? 

On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 Our entire office is Macbooks.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote:

Do you have any MacBook users? 

On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 In order for us to make it work, I had to setup a RADIUS (FreeRadius) server 
which uses FreeIPA as its backend.   Our WiFi access point is configured to 
point to the RADIUS server.   I had to make sure the AD trust package was 
installed on the FreeIPA server in order for the proper security features to 
work.   We do not have SSL certs on our machine.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote:

So I was wondering if anyone has FreeIPA setup to do authentication with 
wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only 
communicating back to the current OpenLDAP system, but would like to migrate to 
FreeIPA.     
I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK 
(enterprise) with splash page in order to log into my FreeIPA system.   I don't 
know if I will have to put the password in again I am waiting until tonight to 
test that.
All of our laptops are Mac OS X running El Capitan and a few running High 
Sierra (w/ all of them upgrading eventually).   We have under 5 laptops running 
Windows 7-10 and are mostly hard wired.
The issue is that when I log into wireless using FreeIPA I get prompted for a 
password.   It gets added to the keychain but when I shutdown for the night and 
come back in the next day it asks for the password again the next day.     
While researching this issue I found that some people have put SSL certificates 
on the machines.   I don't want to create and enroll an SSL cert for EACH user. 
  I would like to get system-wide one deployed IF this is the correct way to 
go.     
While this may sound like a ArubaNetworks wireless issue I wanted to pose this 
question to the mailing list just in case there was a step I missed or didn't 
do something that might have been documented somewhere and to see if anyone 
else has had this issue.     
Thank you in advance!

[Freeipa-users] Re: FreeIPA & wireless

2017-11-15 Thread Michael Plemmons via FreeIPA-users
I do not remember having to update any SSL certs. I am upgraded to High
Sierra and have not had any problems with certs.




*Mike Plemmons | Senior DevOps Engineer | CrossChx*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer  wrote:

> For the newer macbooks (High Sierra) how did you get around the TLS 1.2
> requirement?   Did you generate a SSL cert and publish that to the RADIUS
> server?
>
>
>
> On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>
> We have a range of OS X versions from 10.10 and newer.   Our RADIUS server
> (running FreeRadius on Linux) is using FreeIPA for the authentication via
> LDAP.   Our WiFi access point is configured to talk to the radius server
> for authentication.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer 
> wrote:
>
> Michael,
> What version of Mac OS X are your MacBooks running?   10.12.5+?
>
> You are using Windows Server for RADIUS auth correct?
>
>
> On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> Our entire office is Macbooks.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer 
> wrote:
>
> Do you have any MacBook users?
>
>
> On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> In order for us to make it work, I had to setup a RADIUS (FreeRadius)
> server which uses FreeIPA as its backend.   Our WiFi access point is
> configured to point to the RADIUS server.   I had to make sure the AD trust
> package was installed on the FreeIPA server in order for the proper
> security features to work.   We do not have SSL certs on our machine.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
> wrote:
>
> So I was wondering if anyone has FreeIPA setup to do authentication with
> wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system.   I
> don't know if I will have to put the password in again I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually).   We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password.   It gets added to the keychain but when I shutdown for the
> night and come back in the next day it asks for the password again the next
> day.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines.   I don't want to create and enroll an SSL
> cert for EACH user.   I would like to get system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like a ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!

[Freeipa-users] Re: FreeIPA & wireless

2017-11-14 Thread Andrew Meyer via FreeIPA-users
For the newer macbooks (High Sierra) how did you get around the TLS 1.2 
requirement?  Did you generate a SSL cert and publish that to the RADIUS server?
 

On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 We have a range of OS X versions from 10.10 and newer.   Our RADIUS server 
(running FreeRadius on Linux) is using FreeIPA for the authentication via LDAP. 
  Our WiFi access point is configured to talk to the radius server for 
authentication.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer wrote:

Michael,
What version of Mac OS X are your MacBooks running?   10.12.5+?
You are using Windows Server for RADIUS auth correct? 

On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 Our entire office is Macbooks.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote:

Do you have any MacBook users? 

On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 In order for us to make it work, I had to setup a RADIUS (FreeRadius) server 
which uses FreeIPA as its backend.   Our WiFi access point is configured to 
point to the RADIUS server.   I had to make sure the AD trust package was 
installed on the FreeIPA server in order for the proper security features to 
work.   We do not have SSL certs on our machine.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote:

So I was wondering if anyone has FreeIPA setup to do authentication with 
wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only 
communicating back to the current OpenLDAP system, but would like to migrate to 
FreeIPA.     
I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK 
(enterprise) with splash page in order to log into my FreeIPA system.   I don't 
know if I will have to put the password in again I am waiting until tonight to 
test that.
All of our laptops are Mac OS X running El Capitan and a few running High 
Sierra (w/ all of them upgrading eventually).   We have under 5 laptops running 
Windows 7-10 and are mostly hard wired.
The issue is that when I log into wireless using FreeIPA I get prompted for a 
password.   It gets added to the keychain but when I shutdown for the night and 
come back in the next day it asks for the password again the next day.     
While researching this issue I found that some people have put SSL certificates 
on the machines.   I don't want to create and enroll an SSL cert for EACH user. 
  I would like to get system-wide one deployed IF this is the correct way to 
go.     
While this may sound like a ArubaNetworks wireless issue I wanted to pose this 
question to the mailing list just in case there was a step I missed or didn't 
do something that might have been documented somewhere and to see if anyone 
else has had this issue.     
Thank you in advance!

[Freeipa-users] Re: FreeIPA & wireless

2017-11-14 Thread Michael Plemmons via FreeIPA-users
We have a range of OS X versions from 10.10 and newer.   Our RADIUS server
(running FreeRadius on Linux) is using FreeIPA for the authentication via
LDAP.   Our WiFi access point is configured to talk to the radius server
for authentication.




*Mike Plemmons | Senior DevOps Engineer | CrossChx*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer  wrote:

> Michael,
> What version of Mac OS X are your MacBooks running?   10.12.5+?
>
> You are using Windows Server for RADIUS auth correct?
>
>
> On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>
> Our entire office is Macbooks.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer 
> wrote:
>
> Do you have any MacBook users?
>
>
> On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users
> wrote:
>
>
> In order for us to make it work, I had to setup a RADIUS (FreeRadius)
> server which uses FreeIPA as its backend.   Our WiFi access point is
> configured to point to the RADIUS server.   I had to make sure the AD trust
> package was installed on the FreeIPA server in order for the proper
> security features to work.   We do not have SSL certs on our machine.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
> wrote:
>
> So I was wondering if anyone has FreeIPA setup to do authentication with
> wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system.   I
> don't know if I will have to put the password in again I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually).   We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password.   It gets added to the keychain but when I shutdown for the
> night and come back in the next day it asks for the password again the next
> day.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines.   I don't want to create and enroll an SSL
> cert for EACH user.   I would like to get system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like a ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!


[Freeipa-users] Re: FreeIPA & wireless

2017-11-14 Thread Andrew Meyer via FreeIPA-users
Michael,
What version of Mac OS X are your MacBooks running?  10.12.5+?
You are using Windows Server for RADIUS auth correct? 

On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 Our entire office is Macbooks.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote:

Do you have any MacBook users? 

On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 In order for us to make it work, I had to setup a RADIUS (FreeRadius) server 
which uses FreeIPA as its backend.   Our WiFi access point is configured to 
point to the RADIUS server.   I had to make sure the AD trust package was 
installed on the FreeIPA server in order for the proper security features to 
work.   We do not have SSL certs on our machine.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote:

So I was wondering if anyone has FreeIPA setup to do authentication with 
wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only 
communicating back to the current OpenLDAP system, but would like to migrate to 
FreeIPA.     
I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK 
(enterprise) with splash page in order to log into my FreeIPA system.   I don't 
know if I will have to put the password in again I am waiting until tonight to 
test that.
All of our laptops are Mac OS X running El Capitan and a few running High 
Sierra (w/ all of them upgrading eventually).   We have under 5 laptops running 
Windows 7-10 and are mostly hard wired.
The issue is that when I log into wireless using FreeIPA I get prompted for a 
password.   It gets added to the keychain but when I shutdown for the night and 
come back in the next day it asks for the password again the next day.     
While researching this issue I found that some people have put SSL certificates 
on the machines.   I don't want to create and enroll an SSL cert for EACH user. 
  I would like to get system-wide one deployed IF this is the correct way to 
go.     
While this may sound like a ArubaNetworks wireless issue I wanted to pose this 
question to the mailing list just in case there was a step I missed or didn't 
do something that might have been documented somewhere and to see if anyone 
else has had this issue.     
Thank you in advance!


[Freeipa-users] Re: FreeIPA & wireless

2017-11-13 Thread Michael Plemmons via FreeIPA-users
Our entire office is Macbooks.




*Mike Plemmons | Senior DevOps Engineer | CrossChx*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer  wrote:

> Do you have any MacBook users?
>
>
> On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>
> In order for us to make it work, I had to setup a RADIUS (FreeRadius)
> server which uses FreeIPA as its backend.   Our WiFi access point is
> configured to point to the RADIUS server.   I had to make sure the AD trust
> package was installed on the FreeIPA server in order for the proper
> security features to work.   We do not have SSL certs on our machine.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CrossChx*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> So I was wondering if anyone has FreeIPA setup to do authentication with
> wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system.   I
> don't know if I will have to put the password in again I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually).   We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password.   It gets added to the keychain but when I shutdown for the
> night and come back in the next day it asks for the password again the next
> day.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines.   I don't want to create and enroll an SSL
> cert for EACH user.   I would like to get system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like a ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!


[Freeipa-users] Re: FreeIPA & wireless

2017-11-13 Thread Andrew Meyer via FreeIPA-users
Do you have any MacBook users? 

On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users 
 wrote:
 

 In order for us to make it work, I had to setup a RADIUS (FreeRadius) server 
which uses FreeIPA as its backend.   Our WiFi access point is configured to 
point to the RADIUS server.   I had to make sure the AD trust package was 
installed on the FreeIPA server in order for the proper security features to 
work.   We do not have SSL certs on our machine.



Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote:

So I was wondering if anyone has FreeIPA setup to do authentication with 
wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only 
communicating back to the current OpenLDAP system, but would like to migrate to 
FreeIPA.    
I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK 
(enterprise) with splash page in order to log into my FreeIPA system.   I don't 
know if I will have to put the password in again I am waiting until tonight to 
test that.
All of our laptops are Mac OS X running El Capitan and a few running High 
Sierra (w/ all of them upgrading eventually).   We have under 5 laptops running 
Windows 7-10 and are mostly hard wired.
The issue is that when I log into wireless using FreeIPA I get prompted for a 
password.   It gets added to the keychain but when I shutdown for the night and 
come back in the next day it asks for the password again the next day.    
While researching this issue I found that some people have put SSL certificates 
on the machines.   I don't want to create and enroll an SSL cert for EACH user. 
  I would like to get system-wide one deployed IF this is the correct way to 
go.    
While this may sound like a ArubaNetworks wireless issue I wanted to pose this 
question to the mailing list just in case there was a step I missed or didn't 
do something that might have been documented somewhere and to see if anyone 
else has had this issue.    
Thank you in advance!


[Freeipa-users] Re: FreeIPA & wireless

2017-11-13 Thread Michael Plemmons via FreeIPA-users
In order for us to make it work, I had to setup a RADIUS (FreeRadius)
server which uses FreeIPA as its backend.   Our WiFi access point is
configured to point to the RADIUS server.   I had to make sure the AD trust
package was installed on the FreeIPA server in order for the proper
security features to work.   We do not have SSL certs on our machine.




*Mike Plemmons | Senior DevOps Engineer | CrossChx*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> So I was wondering if anyone has FreeIPA setup to do authentication with
> wireless.   We have an ArubaNetworks platform setup to do EAP-PEAP only
> communicating back to the current OpenLDAP system, but would like to
> migrate to FreeIPA.
>
> I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK
> (enterprise) with splash page in order to log into my FreeIPA system.   I
> don't know if I will have to put the password in again I am waiting until
> tonight to test that.
>
> All of our laptops are Mac OS X running El Capitan and a few running High
> Sierra (w/ all of them upgrading eventually).   We have under 5 laptops
> running Windows 7-10 and are mostly hard wired.
>
> The issue is that when I log into wireless using FreeIPA I get prompted
> for a password.   It gets added to the keychain but when I shutdown for the
> night and come back in the next day it asks for the password again the next
> day.
>
> While researching this issue I found that some people have put SSL
> certificates on the machines.   I don't want to create and enroll an SSL
> cert for EACH user.   I would like to get system-wide one deployed IF this
> is the correct way to go.
>
> While this may sound like a ArubaNetworks wireless issue I wanted to pose
> this question to the mailing list just in case there was a step I missed or
> didn't do something that might have been documented somewhere and to see if
> anyone else has had this issue.
>
> Thank you in advance!