blog:aruba-mpsk-freeradius

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blog:aruba-mpsk-freeradius [2020/03/01 12:23]
v0tti [Configure the SSID] 		blog:aruba-mpsk-freeradius [2024/02/08 10:31] (current)
v0tti
Line 9: Line 9:
 ==== Configure the FreeRADIUS Server ==== ==== Configure the FreeRADIUS Server ====
  
-When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute ''Aruba-MPSK-Passphrase''. [[https://github.com/FreeRADIUS/freeRADIUS-server/blob/efba32e839caf5c276cef131b5f7d2ec3048f66a/share/dictionary/RADIUS/dictionary.aruba#L57|FreeRADIUS already includes the this]] with correct encoding and encryption (check if your version already includes this VSA, otherwise place the linked file at ''/usr/share/freeRADIUS/dictionary.aruba'' (this applies to Debian)). Here is an configuration example, please note that "ClearTextPassphrase" is the clear text password for the requesting device: ''Aruba-MPSK-Passphrase := "ClearTextPassphrase"''.+When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute ''Aruba-MPSK-Passphrase''. [[https://github.com/FreeRADIUS/freeRADIUS-server/blob/efba32e839caf5c276cef131b5f7d2ec3048f66a/share/dictionary/RADIUS/dictionary.aruba#L57|FreeRADIUS already includes this]] with correct encoding and encryption (check if your version already includes this VSA, otherwise place the linked file at ''/usr/share/freeRADIUS/dictionary.aruba'' (this applies to Debian)). Here is an configuration example, please note that "ClearTextPassphrase" is the clear text password for the requesting device: ''Aruba-MPSK-Passphrase := "ClearTextPassphrase"''.
  
 If you operate a proxying RADIUS, like we do, your config could look like this: If you operate a proxying RADIUS, like we do, your config could look like this:
Line 23: Line 23:
 ==== Some Notes ==== ==== Some Notes ====
 Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours). Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours).
 +
 +Most of the work explained here was done by [[https://fem.social/@netali|Jennifer Graul]] at [[https://fem.tu-ilmenau.de|FeM]], thanks!
  
 ---- ----
  • blog/aruba-mpsk-freeradius.1583061792.txt.gz
  • Last modified: 2020/03/01 12:23
  • by v0tti