blog:aruba-mpsk-freeradius

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
blog:aruba-mpsk-freeradius [2020/03/01 12:23]
v0tti [Configure the SSID] 		blog:aruba-mpsk-freeradius [2020/06/29 14:59]
v0tti [Using Aruba MPSK with FreeRADIUS]
Line 9: Line 9:
 ==== Configure the FreeRADIUS Server ==== ==== Configure the FreeRADIUS Server ====
  
-When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute ''Aruba-MPSK-Passphrase''. [[https://github.com/FreeRADIUS/freeRADIUS-server/blob/efba32e839caf5c276cef131b5f7d2ec3048f66a/share/dictionary/RADIUS/dictionary.aruba#L57|FreeRADIUS already includes the this]] with correct encoding and encryption (check if your version already includes this VSA, otherwise place the linked file at ''/usr/share/freeRADIUS/dictionary.aruba'' (this applies to Debian)). Here is an configuration example, please note that "ClearTextPassphrase" is the clear text password for the requesting device: ''Aruba-MPSK-Passphrase := "ClearTextPassphrase"''.+When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute ''Aruba-MPSK-Passphrase''. [[https://github.com/FreeRADIUS/freeRADIUS-server/blob/efba32e839caf5c276cef131b5f7d2ec3048f66a/share/dictionary/RADIUS/dictionary.aruba#L57|FreeRADIUS already includes this]] with correct encoding and encryption (check if your version already includes this VSA, otherwise place the linked file at ''/usr/share/freeRADIUS/dictionary.aruba'' (this applies to Debian)). Here is an configuration example, please note that "ClearTextPassphrase" is the clear text password for the requesting device: ''Aruba-MPSK-Passphrase := "ClearTextPassphrase"''.
  
 If you operate a proxying RADIUS, like we do, your config could look like this: If you operate a proxying RADIUS, like we do, your config could look like this:
Line 23: Line 23:
 ==== Some Notes ==== ==== Some Notes ====
 Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours). Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours).
 +
 +Most of the work explained here was done by [[https://fem.social/@max|Maximilian Graul]] at [[https://fem.tu-ilmenau.de|FeM]], thanks!
  
 ---- ----
  • blog/aruba-mpsk-freeradius.txt
  • Last modified: 2024/02/08 10:31
  • by v0tti