Hello, I don’t know if I’m in the right place here, but does anybody have resources for IGEL 802.1x authentication? We’re using a network access control and in the logs I don’t even see that the IGEL wants to use 802.1x; they run against the MAB authentication policy, so I guess something is wrong with wpa_supplicant, because the certificates shouldn’t matter at this point, right? Does WLAN need to be activated for 802.1x even in wired environments? Thanks
Hello Michael, this great content may cover your needs: www.igelexperts.com/2019/03/10/configure-igel-wifi-scep-with-ndes-part-1/
Thanks, I’ll give it a try
Okay, the NDES is a nice-to-have, but not necessary, or am I wrong? I would assume that I would see something like invalid certificate in the logs if certificates were the problem, but I just see the MAB authentication, no hit on the 802.1x policy – so isn’t my problem a step before certificates even play a role?
If you use MAC authentication bypass, then 802.1x is of no concern – MAB is for devices which do not have 802.1x configured. So in this case the devices don’t use 802.1x and you won’t see anything in the logs either. Or am I missing something here?
In the interface settings I have 802.1x activated, chose EAP-TLS and added the path to the CA cert. We have other devices that use AD authentication; they run against the 802.1x policy, then identity policies are queried and the NAC checks AD membership, certificates etc. When the IGEL runs against the MAB policy it just checks internal NAC users – so why doesn’t the IGEL hit the 802.1x policy?
Possibly I have a big lack of knowledge, that’s why I’m asking for resources
What does your IGEL policy look like? Since the devices are not part of the AD, how did you configure other devices like print ports or iOS devices?
At the moment nothing but AD authentication works, but the PCs hit the 802.1x policy and then use the identity source AD, and the IGEL just uses the MAB policy like the other devices besides PCs… so you think the problem is in the NAC and there is nothing more to do on the IGELs at the moment?
I mean, it’s hard to say from remote, but since your IGELs are not part of the AD (I guess you have the AD login, which isn’t the same) I would ask your network department how they would deal with a standard Ubuntu device.
On the endpoint, you could check in a terminal with journalctl -f what the device does when it connects to the LAN.
It’s not WiFi, it’s wired; I’ll look at the log. If anybody has good resources, post them — thank you, you helped me to get a little better picture of the whole
Sorry, I miswrote it, corrected to LAN.
On Network Debug Logs, this might help too:
Network
Parameter in the registry:
802.1X
• network.interfaces.ethernet.device%.ieee8021x.debug = Very verbose
Logfile
• /tmp/wpa_debug.all
👍
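Added example (not part of the original thread, and not IGEL code): a small Python triage of the debug log named above that reports how far the 802.1X exchange got, which separates "802.1X never started, so the port fell back to MAB" from a certificate or policy failure. It assumes the log contains the standard wpa_supplicant debug strings; the verdict names and the sample lines are constructed for this example.

```python
"""Report how far the 802.1X exchange got in a wpa_supplicant debug log."""
import sys

# Standard wpa_supplicant log strings; the verdict names below are made up here.
MARKERS = {
    "start_sent": "EAPOL: txStart",            # supplicant sent EAPOL-Start
    "eap_started": "CTRL-EVENT-EAP-STARTED",   # authenticator began an EAP exchange
    "failure": "CTRL-EVENT-EAP-FAILURE",
    "success": "CTRL-EVENT-EAP-SUCCESS",
}
HINTS = {
    "no-eapol": "no EAPOL/EAP activity: 802.1X never started on this interface, "
                "so a port with MAB fallback authenticates the MAC instead",
    "no-authenticator-reply": "EAPOL-Start sent but no EAP request came back: "
                              "check the switch port's 802.1X configuration",
    "eap-incomplete": "EAP started but no result was logged",
    "eap-failure": "EAP ran and failed: now certificates, identity and NAC policy matter",
    "eap-success": "EAP completed successfully",
}

def triage(lines):
    """Return a verdict key from HINTS; the last success/failure event wins."""
    seen, result = set(), None
    for line in lines:
        for name, marker in MARKERS.items():
            if marker in line:
                seen.add(name)
                if name in ("success", "failure"):
                    result = name
    if result:
        return "eap-" + result
    if "eap_started" in seen:
        return "eap-incomplete"
    if "start_sent" in seen:
        return "no-authenticator-reply"
    return "no-eapol"

# Constructed sample lines, not taken from a real device.
SAMPLE_NO_EAPOL = ["eth0: link up", "dhcp: lease acquired on eth0"]
SAMPLE_FAILURE = [
    "EAPOL: txStart",
    "eth0: CTRL-EVENT-EAP-STARTED EAP authentication started",
    "eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13",
    "eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed",
]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/tmp/wpa_debug.all"
    with open(path, errors="replace") as fh:
        verdict = triage(fh)
    print(f"{verdict}: {HINTS[verdict]}")
```

Run it against a copy of the log after replugging the LAN cable with debug set to "Very verbose"; a "no-eapol" verdict points at the endpoint's 802.1X setup rather than at certificates or the NAC policy.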