An EAP server certificate from a PKI in your control is always the recommended
path. A public CA-signed EAP server certificate should be a last resort.
tim
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of "McClintic, Thomas"
Reply-To: The EDUCAUSE Wireless Issues
Just a clarification. Android 10 generates a MAC address per ESSID for the
lifetime of the OS instance. It does not change daily.
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Felix Windt
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv
Date:
PEAP is not standardized and was not designed to be used outside a Windows
AD-joined, GPO controlled environment.
I'm hoping Google's changes (very welcome IMO) and continued restrictions on
Apple platforms will steer people away from legacy, deprecated protocols/EAP
methods.
tim
On
nd equally secure to a supplicant utility, so we also support
that avenue for configuration. However, if you don't have a public-CA-signed
certificate, they display the words "Not Trusted" in red bold letters during
the certificate verification process.
On Tue, Jul 31, 2018 at 5:30 PM
Just curious, for those running a supplicant configuration utility, why are you
using a public CA-signed EAP server certificate?
On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Charles Rumford" wrote:
On 07/31/2018 04:18 PM, Michael Dickson
Feel free to unicast me any questions as well.
tim
TIM CAPPALLI | Aruba Security
On 6/4/18, 3:46 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Kenny, Eric" wrote:
Hi Patrick,
We are using the guest portal for self-registered and sponsored guest
Hector,
Something definitely seems amiss then. I’ll take a look at the case.
A maximum of 1 access license is consumed per MAC address, regardless of
multiple sessions or lack of accounting stop.
Thanks for the followup.
tim
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
learPass - not so clear anymore
Authentication might not stop, but what about access to the UI or the ability
to make config changes?
-H
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba
Security)
Sent: T
Hector,
During a roam event where a new session is created, a stop should also be
generated by the NAD, so this should be a non-issue.
Also, as of 6.7.2, TACACS+ does not directly consume any access licenses (as
long as you have at least 100 access licenses installed, TACACS+ usage is
Kind of makes sense though doesn’t it? Why would you want to allow a device
unique private key to be used without requiring a device unlock?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of "Turner, Ryan H"
For the Aruba AP-303H, there is now a bracket that allows for two keystone
pass-through connectors on the bottom.
AP-303H-MNTW (JY688A)
On 1/23/18, 4:12 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Richard Nedwich"
Just curious. Why aren't you using the same EAP server certificate across all
of your RADIUS servers?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Linchuan Yang
Reply-To: The EDUCAUSE Wireless
What are you using for a AAA solution? ClearPass fully supports per-device PSK
with Cisco WLC’s with full self-registration.
tim
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Jason Cook
William – Very interested in this:
>> The wireless“eduroam” service is not available at the university, or for
>> university members at other institutions. Current interpretation of the laws
>> and policies surrounding use of state resources is that eduroam use is
>> prohibited on university
William – Very interested in this:
>> The wireless“eduroam” service is not available at the university, or for
>> university members at other institutions. Current interpretation of the laws
>> and policies surrounding use of state resources is that eduroam use is
>> prohibited on
ClearPass will auto-generate an internal WebAuth request by default after a
device registration.
Create a service to accept this request and issue a disconnect message to the
controller to force a reauthentication.
See these screenshots for the service config, it’s very basic. You only need
Aruba ClearPass Onboard also fully supports Android Oreo.
On 8/22/17, 6:16 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Richard Nedwich" wrote:
Hi Bruce,
Yes, our Wizard
ireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba
Security)
Sent: Wednesday, July 12, 2017 10:33 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] EAP-PEAP risk
E Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba
Security)
Sent: Wednesday, July 12, 2017 10:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment
I’m curious abou
I’m curious about “…certs may give a false sense of security and identity”. Can
you elaborate on that?
Tim
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Thomas Carter
Reply-To: The EDUCAUSE Wireless
It really depends on how the supplicant is configured. If a configuration tool
was used, it may have locked the supplicant to a specific cert and disallowed
the user to approve exceptions.
On 7/4/17, 11:34 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Julian Y
Can you elaborate on this comment?
“whereas with eduroam we were kind of locked-in to the PEAP model.”
Eduroam is EAP agnostic.
On 4/27/17, 10:57 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Curtis K. Larsen"
Ben,
You can put a user into a restricted headless “provisioning” role temporarily
which would allow them to connect to your headless network and configure the
device. We can write policy to check the device registration database to ensure
that they actually have a registered headless device
Jason – Are the tablets managed by an MDM/EMM?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of "Osborne, Bruce W (Network
Operations)"
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
24 matches
Mail list logo