This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trying to configure wifi authentication Radius by certificates

nicolle_romain
New Contributor

‎05-18-2021 02:02 AM

Hello !

I'm using Ruckus Virtual SmartZone essential 5.1

I'm trying to configure wifi authentification with my Radius. I would like set computer AND user authentication. 

I know it's not possible (i think it's not). So i have an idea

If it's possible, set user authentication, AND certificates authentication. The certificate must be deployed with GPO (by exemple) for every computer of my domain.

That's how i think remplace the computer authentication. If your computer are in my domain, you have the certificate on it AND be log with your AD account on the computer and the authentication is allowed.

If one of these conditions is missing, authentication failed

User authentication is ready but i'm lost with certificates... Can't import certificate, each time i try to import one (.pem or .cer) i have this message : FAIL: Can not get root CA info

I try to import them in System -> certificates -> SZ Trusted CA certificates/chain (external)

And i don't see something like 'certificate authentication' in authentication methods of my Wireless LANs. Maybe because i have no certificate for the moment.

Thanks for helping 🙂

0 Kudos
2 REPLIES 2

syamantakomer
Community Admin
Community Admin

‎05-18-2021 02:06 PM

Hi Nicolle,

Please make sure TLS is enabled on AAA radius profile on SZ.

Also try to export he cert to .cer and upload again on controller Trusted CA cert store.


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

nicolle_romain
New Contributor
In response to syamantakomer

‎05-19-2021 12:30 AM

Hi,

Thanks for your answer !

I searched where enable or disable the TLS and i found that, in :

Services & Profiles > Authentication > Proxy (SZ Authenticator) > Configure

I see some option about TLS, but on my controller i don't have it. The only one option i have is RFC 5580 Out Of Bank Location Delivery. I try to enable it even i think it's not about TLS and nothing happen.

Didn't find any option about TLS 😕

I import a cert with success. I imported it in DER encoded binary, but he need to be in base-64 encoded if you want no error on the controller.

I import with success a cert, but I don't know if I get it. When the controller will receive an asking authentication from someone, he will check by himself if the client know the certificate ?

So no need to configure something else to check if client (phone or laptop through AP) know the cert and can have access to the network ?

0 Kudos
Copyright © 2024 Khoros, LLC