[Freeipa-users] Re: FreeIPA & wireless
MacOSx is strict in regards to self-signed and expired certificates. Please check there. On Wed, Nov 15, 2017 at 5:48 PM, Andrew Meyer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Weird. We are having problems with it and our Aruba wireless using > FreeRADIUS. > > > On Wednesday, November 15, 2017 10:48 AM, Michael Plemmons via > FreeIPA-userswrote: > > > I do not remember having to update any SSL certs. I am upgraded to > High Sierra and have not had any problems with certs. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 <(614)%20427-2411> > mike.plemm...@crosschx.com > www.crosschx.com > > On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer > wrote: > > For the newer macbooks (High Sierra) how did you get around the TLS 1.2 > requirement? Did you generate a SSL cert and publish that to the RADIUS > server? > > > > On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > We have a range of OS X versions from 10.10 and newer. Our RADIUS server > (running FreeRadius on Linux) is using FreeIPA for the authentication via > LDAP. Our WiFi access point is configured to talk to the radius server > for authentication. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 <(614)%20427-2411> > mike.plemm...@crosschx.com > www.crosschx.com > > On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer > wrote: > > Michael, > What version of Mac OS X are your MacBooks running? 10.12.5+? > > You are using Windows Server for RADIUS auth correct? > > > On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > Our entire office is Macbooks. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 <(614)%20427-2411> > mike.plemm...@crosschx.com > www.crosschx.com > > On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer > wrote: > > Do you have any MacBook users? > > > On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > In order for us to make it work, I had to setup a RADIUS (FreeRadius) > server which uses FreeIPA as its backend. Our WiFi access point is > configured to point to the RADIUS server. I had to make sure the AD trust > package was installed on the FreeIPA server in order for the proper > security features to work. We do not have SSL certs on our machine. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 <(614)%20427-2411> > mike.plemm...@crosschx.com > www.crosschx.com > > On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users > fedorahosted.org > wrote: > > So I was wondering if anyone has FreeIPA setup to do authentication with > wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only > communicating back to the current OpenLDAP system, but would like to > migrate to FreeIPA. > > I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK > (enterprise) with splash page in order to log into my FreeIPA system. I > don't know if I will have to put the password in again I am waiting until > tonight to test that. > > All of our laptops are Mac OS X running El Capitan and a few running High > Sierra (w/ all of them upgrading eventually). We have under 5 laptops > running Windows 7-10 and are mostly hard wired. > > The issue is that when I log into wireless using FreeIPA I get prompted > for a password. It gets added to the keychain but when I shutdown for the > night and come back in the next day it asks for the password again the next > day. > > While researching this issue I found that some people have put SSL > certificates on the machines. I don't want to create and enroll an SSL > cert for EACH user. I would like to get system-wide one deployed IF this > is the correct way to go. > > While this may sound like a ArubaNetworks wireless issue I wanted to pose > this question to the mailing list just in case there was a step I missed or > didn't do something that might have been documented somewhere and to see if > anyone else has had this issue. > > Thank you in advance! > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send
[Freeipa-users] Re: FreeIPA & wireless
Weird. We are having problems with it and our Aruba wireless using FreeRADIUS. On Wednesday, November 15, 2017 10:48 AM, Michael Plemmons via FreeIPA-userswrote: I do not remember having to update any SSL certs. I am upgraded to High Sierra and have not had any problems with certs. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyer wrote: For the newer macbooks (High Sierra) how did you get around the TLS 1.2 requirement? Did you generate a SSL cert and publish that to the RADIUS server? On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users wrote: We have a range of OS X versions from 10.10 and newer. Our RADIUS server (running FreeRadius on Linux) is using FreeIPA for the authentication via LDAP. Our WiFi access point is configured to talk to the radius server for authentication. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer wrote: Michael,What version of Mac OS X are your MacBooks running? 10.12.5+? You are using Windows Server for RADIUS auth correct? On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users wrote: Our entire office is Macbooks. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote: Do you have any MacBook users? On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users wrote: In order for us to make it work, I had to setup a RADIUS (FreeRadius) server which uses FreeIPA as its backend. Our WiFi access point is configured to point to the RADIUS server. I had to make sure the AD trust package was installed on the FreeIPA server in order for the proper security features to work. We do not have SSL certs on our machine. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote: So I was wondering if anyone has FreeIPA setup to do authentication with wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only communicating back to the current OpenLDAP system, but would like to migrate to FreeIPA. I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK (enterprise) with splash page in order to log into my FreeIPA system. I don't know if I will have to put the password in again I am waiting until tonight to test that. All of our laptops are Mac OS X running El Capitan and a few running High Sierra (w/ all of them upgrading eventually). We have under 5 laptops running Windows 7-10 and are mostly hard wired. The issue is that when I log into wireless using FreeIPA I get prompted for a password. It gets added to the keychain but when I shutdown for the night and come back in the next day it asks for the password again the next day. While researching this issue I found that some people have put SSL certificates on the machines. I don't want to create and enroll an SSL cert for EACH user. I would like to get system-wide one deployed IF this is the correct way to go. While this may sound like a ArubaNetworks wireless issue I wanted to pose this question to the mailing list just in case there was a step I missed or didn't do something that might have been documented somewhere and to see if anyone else has had this issue. Thank you in advance! __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list --
[Freeipa-users] Re: FreeIPA & wireless
I do not remember having to update any SSL certs. I am upgraded to High Sierra and have not had any problems with certs. *Mike Plemmons | Senior DevOps Engineer | CrossChx* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Tue, Nov 14, 2017 at 3:47 PM, Andrew Meyerwrote: > For the newer macbooks (High Sierra) how did you get around the TLS 1.2 > requirement? Did you generate a SSL cert and publish that to the RADIUS > server? > > > > On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > > We have a range of OS X versions from 10.10 and newer. Our RADIUS server > (running FreeRadius on Linux) is using FreeIPA for the authentication via > LDAP. Our WiFi access point is configured to talk to the radius server > for authentication. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer > wrote: > > Michael, > What version of Mac OS X are your MacBooks running? 10.12.5+? > > You are using Windows Server for RADIUS auth correct? > > > On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > Our entire office is Macbooks. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer > wrote: > > Do you have any MacBook users? > > > On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > In order for us to make it work, I had to setup a RADIUS (FreeRadius) > server which uses FreeIPA as its backend. Our WiFi access point is > configured to point to the RADIUS server. I had to make sure the AD trust > package was installed on the FreeIPA server in order for the proper > security features to work. We do not have SSL certs on our machine. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users > fedorahosted.org > wrote: > > So I was wondering if anyone has FreeIPA setup to do authentication with > wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only > communicating back to the current OpenLDAP system, but would like to > migrate to FreeIPA. > > I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK > (enterprise) with splash page in order to log into my FreeIPA system. I > don't know if I will have to put the password in again I am waiting until > tonight to test that. > > All of our laptops are Mac OS X running El Capitan and a few running High > Sierra (w/ all of them upgrading eventually). We have under 5 laptops > running Windows 7-10 and are mostly hard wired. > > The issue is that when I log into wireless using FreeIPA I get prompted > for a password. It gets added to the keychain but when I shutdown for the > night and come back in the next day it asks for the password again the next > day. > > While researching this issue I found that some people have put SSL > certificates on the machines. I don't want to create and enroll an SSL > cert for EACH user. I would like to get system-wide one deployed IF this > is the correct way to go. > > While this may sound like a ArubaNetworks wireless issue I wanted to pose > this question to the mailing list just in case there was a step I missed or > didn't do something that might have been documented somewhere and to see if > anyone else has had this issue. > > Thank you in advance! > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to
[Freeipa-users] Re: FreeIPA & wireless
For the newer macbooks (High Sierra) how did you get around the TLS 1.2 requirement? Did you generate a SSL cert and publish that to the RADIUS server? On Tuesday, November 14, 2017 9:54 AM, Michael Plemmons via FreeIPA-userswrote: We have a range of OS X versions from 10.10 and newer. Our RADIUS server (running FreeRadius on Linux) is using FreeIPA for the authentication via LDAP. Our WiFi access point is configured to talk to the radius server for authentication. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyer wrote: Michael,What version of Mac OS X are your MacBooks running? 10.12.5+? You are using Windows Server for RADIUS auth correct? On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users wrote: Our entire office is Macbooks. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote: Do you have any MacBook users? On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users wrote: In order for us to make it work, I had to setup a RADIUS (FreeRadius) server which uses FreeIPA as its backend. Our WiFi access point is configured to point to the RADIUS server. I had to make sure the AD trust package was installed on the FreeIPA server in order for the proper security features to work. We do not have SSL certs on our machine. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote: So I was wondering if anyone has FreeIPA setup to do authentication with wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only communicating back to the current OpenLDAP system, but would like to migrate to FreeIPA. I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK (enterprise) with splash page in order to log into my FreeIPA system. I don't know if I will have to put the password in again I am waiting until tonight to test that. All of our laptops are Mac OS X running El Capitan and a few running High Sierra (w/ all of them upgrading eventually). We have under 5 laptops running Windows 7-10 and are mostly hard wired. The issue is that when I log into wireless using FreeIPA I get prompted for a password. It gets added to the keychain but when I shutdown for the night and come back in the next day it asks for the password again the next day. While researching this issue I found that some people have put SSL certificates on the machines. I don't want to create and enroll an SSL cert for EACH user. I would like to get system-wide one deployed IF this is the correct way to go. While this may sound like a ArubaNetworks wireless issue I wanted to pose this question to the mailing list just in case there was a step I missed or didn't do something that might have been documented somewhere and to see if anyone else has had this issue. Thank you in advance! __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA & wireless
We have a range of OS X versions from 10.10 and newer. Our RADIUS server (running FreeRadius on Linux) is using FreeIPA for the authentication via LDAP. Our WiFi access point is configured to talk to the radius server for authentication. *Mike Plemmons | Senior DevOps Engineer | CrossChx* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Tue, Nov 14, 2017 at 9:47 AM, Andrew Meyerwrote: > Michael, > What version of Mac OS X are your MacBooks running? 10.12.5+? > > You are using Windows Server for RADIUS auth correct? > > > On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > > Our entire office is Macbooks. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer > wrote: > > Do you have any MacBook users? > > > On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users > fedorahosted.org > wrote: > > > In order for us to make it work, I had to setup a RADIUS (FreeRadius) > server which uses FreeIPA as its backend. Our WiFi access point is > configured to point to the RADIUS server. I had to make sure the AD trust > package was installed on the FreeIPA server in order for the proper > security features to work. We do not have SSL certs on our machine. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users > fedorahosted.org > wrote: > > So I was wondering if anyone has FreeIPA setup to do authentication with > wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only > communicating back to the current OpenLDAP system, but would like to > migrate to FreeIPA. > > I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK > (enterprise) with splash page in order to log into my FreeIPA system. I > don't know if I will have to put the password in again I am waiting until > tonight to test that. > > All of our laptops are Mac OS X running El Capitan and a few running High > Sierra (w/ all of them upgrading eventually). We have under 5 laptops > running Windows 7-10 and are mostly hard wired. > > The issue is that when I log into wireless using FreeIPA I get prompted > for a password. It gets added to the keychain but when I shutdown for the > night and come back in the next day it asks for the password again the next > day. > > While researching this issue I found that some people have put SSL > certificates on the machines. I don't want to create and enroll an SSL > cert for EACH user. I would like to get system-wide one deployed IF this > is the correct way to go. > > While this may sound like a ArubaNetworks wireless issue I wanted to pose > this question to the mailing list just in case there was a step I missed or > didn't do something that might have been documented somewhere and to see if > anyone else has had this issue. > > Thank you in advance! > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA & wireless
Michael,What version of Mac OS X are your MacBooks running? 10.12.5+? You are using Windows Server for RADIUS auth correct? On Monday, November 13, 2017 2:35 PM, Michael Plemmons via FreeIPA-userswrote: Our entire office is Macbooks. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyer wrote: Do you have any MacBook users? On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users wrote: In order for us to make it work, I had to setup a RADIUS (FreeRadius) server which uses FreeIPA as its backend. Our WiFi access point is configured to point to the RADIUS server. I had to make sure the AD trust package was installed on the FreeIPA server in order for the proper security features to work. We do not have SSL certs on our machine. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote: So I was wondering if anyone has FreeIPA setup to do authentication with wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only communicating back to the current OpenLDAP system, but would like to migrate to FreeIPA. I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK (enterprise) with splash page in order to log into my FreeIPA system. I don't know if I will have to put the password in again I am waiting until tonight to test that. All of our laptops are Mac OS X running El Capitan and a few running High Sierra (w/ all of them upgrading eventually). We have under 5 laptops running Windows 7-10 and are mostly hard wired. The issue is that when I log into wireless using FreeIPA I get prompted for a password. It gets added to the keychain but when I shutdown for the night and come back in the next day it asks for the password again the next day. While researching this issue I found that some people have put SSL certificates on the machines. I don't want to create and enroll an SSL cert for EACH user. I would like to get system-wide one deployed IF this is the correct way to go. While this may sound like a ArubaNetworks wireless issue I wanted to pose this question to the mailing list just in case there was a step I missed or didn't do something that might have been documented somewhere and to see if anyone else has had this issue. Thank you in advance! __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA & wireless
Our entire office is Macbooks. *Mike Plemmons | Senior DevOps Engineer | CrossChx* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Mon, Nov 13, 2017 at 3:18 PM, Andrew Meyerwrote: > Do you have any MacBook users? > > > On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > > In order for us to make it work, I had to setup a RADIUS (FreeRadius) > server which uses FreeIPA as its backend. Our WiFi access point is > configured to point to the RADIUS server. I had to make sure the AD trust > package was installed on the FreeIPA server in order for the proper > security features to work. We do not have SSL certs on our machine. > > > > > *Mike Plemmons | Senior DevOps Engineer | CrossChx* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > So I was wondering if anyone has FreeIPA setup to do authentication with > wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only > communicating back to the current OpenLDAP system, but would like to > migrate to FreeIPA. > > I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK > (enterprise) with splash page in order to log into my FreeIPA system. I > don't know if I will have to put the password in again I am waiting until > tonight to test that. > > All of our laptops are Mac OS X running El Capitan and a few running High > Sierra (w/ all of them upgrading eventually). We have under 5 laptops > running Windows 7-10 and are mostly hard wired. > > The issue is that when I log into wireless using FreeIPA I get prompted > for a password. It gets added to the keychain but when I shutdown for the > night and come back in the next day it asks for the password again the next > day. > > While researching this issue I found that some people have put SSL > certificates on the machines. I don't want to create and enroll an SSL > cert for EACH user. I would like to get system-wide one deployed IF this > is the correct way to go. > > While this may sound like a ArubaNetworks wireless issue I wanted to pose > this question to the mailing list just in case there was a step I missed or > didn't do something that might have been documented somewhere and to see if > anyone else has had this issue. > > Thank you in advance! > > __ _ > FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA & wireless
Do you have any MacBook users? On Monday, November 13, 2017 2:07 PM, Michael Plemmons via FreeIPA-userswrote: In order for us to make it work, I had to setup a RADIUS (FreeRadius) server which uses FreeIPA as its backend. Our WiFi access point is configured to point to the RADIUS server. I had to make sure the AD trust package was installed on the FreeIPA server in order for the proper security features to work. We do not have SSL certs on our machine. Mike Plemmons | Senior DevOps Engineer | CrossChx 614.427.2411mike.plemm...@crosschx.com www.crosschx.com On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users wrote: So I was wondering if anyone has FreeIPA setup to do authentication with wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only communicating back to the current OpenLDAP system, but would like to migrate to FreeIPA. I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK (enterprise) with splash page in order to log into my FreeIPA system. I don't know if I will have to put the password in again I am waiting until tonight to test that. All of our laptops are Mac OS X running El Capitan and a few running High Sierra (w/ all of them upgrading eventually). We have under 5 laptops running Windows 7-10 and are mostly hard wired. The issue is that when I log into wireless using FreeIPA I get prompted for a password. It gets added to the keychain but when I shutdown for the night and come back in the next day it asks for the password again the next day. While researching this issue I found that some people have put SSL certificates on the machines. I don't want to create and enroll an SSL cert for EACH user. I would like to get system-wide one deployed IF this is the correct way to go. While this may sound like a ArubaNetworks wireless issue I wanted to pose this question to the mailing list just in case there was a step I missed or didn't do something that might have been documented somewhere and to see if anyone else has had this issue. Thank you in advance! __ _ FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists. fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA & wireless
In order for us to make it work, I had to setup a RADIUS (FreeRadius) server which uses FreeIPA as its backend. Our WiFi access point is configured to point to the RADIUS server. I had to make sure the AD trust package was installed on the FreeIPA server in order for the proper security features to work. We do not have SSL certs on our machine. *Mike Plemmons | Senior DevOps Engineer | CrossChx* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > So I was wondering if anyone has FreeIPA setup to do authentication with > wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only > communicating back to the current OpenLDAP system, but would like to > migrate to FreeIPA. > > I was able to set this up using Meraki MR18s but I have to use a WPA2-PSK > (enterprise) with splash page in order to log into my FreeIPA system. I > don't know if I will have to put the password in again I am waiting until > tonight to test that. > > All of our laptops are Mac OS X running El Capitan and a few running High > Sierra (w/ all of them upgrading eventually). We have under 5 laptops > running Windows 7-10 and are mostly hard wired. > > The issue is that when I log into wireless using FreeIPA I get prompted > for a password. It gets added to the keychain but when I shutdown for the > night and come back in the next day it asks for the password again the next > day. > > While researching this issue I found that some people have put SSL > certificates on the machines. I don't want to create and enroll an SSL > cert for EACH user. I would like to get system-wide one deployed IF this > is the correct way to go. > > While this may sound like a ArubaNetworks wireless issue I wanted to pose > this question to the mailing list just in case there was a step I missed or > didn't do something that might have been documented somewhere and to see if > anyone else has had this issue. > > Thank you in advance! > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org