One of the most powerful consolidated videos I have ever seen
@null_zero 5 years ago
Trying something different with this one. The content is largely covered already on the channel so I've edited this down to give a single video overview of each step I took to build my lab.
@ulis1821 5 years ago
Joe Neville Appreciate that, great content perfectly condensed!
@null_zero 5 years ago
@@ulis1821 Thanks, glad you think so.
@benedictagyemang3862 9 months ago
This is very helpful and came at the right time.
@ruellerz 5 years ago
Nice vid. FYI for other folks watching: ClearPass can be a CA as well and you can deploy EAP-TLS with Onboard.
@null_zero 5 years ago
Thanks and good point. This isn't the only way to achieve these things, it was a lab I wanted to build for some other work and I recorded the process.
@ulis1821 5 years ago
Right, but in real life you need an Onboard lic for every client, so M$-CA is a more reasonable solution.
@ruellerz 5 years ago
@@ulis1821 Sure but keep in mind the license evolved from Unique device to USER now.
@ruellerz 5 years ago
And I shall quote this as well for the tricky clever folks. "The intentional onboarding of large numbers of devices by a single user to avoid purchasing Onboard licenses is a violation of the End-User Software License Agreement."
@ruellerz 5 years ago
@@null_zero Yep, I appreciate the video as the resources for a Windows CA deployment are scarce. Definitely saved.
@chayden001 4 years ago
Great vid! One question, why was the user certificate issued if it wasn't used?
@null_zero 4 years ago
I made the video based off a home lab build and was trying to work out user and machine cert deploy around that time. I just left in the extra details in case someone found them useful.
@ringthatringgit 8 months ago
thanks, very instructive
@greatescape121 5 years ago
Nice vid, does the walkthrough work for Aruba WLC too?
@AirheadsBroadcasting 5 years ago
Yes, just swap out the relevant infra'. Windows server setup is the same.
@greatescape121 5 years ago
@@AirheadsBroadcasting I have configured and successfully connected to the network using domain username and password, but I cannot enroll the certificate like at 25:00; it shows that the template was unavailable.
@null_zero 5 years ago
@@greatescape121 That can be a bit tricky because you need to check multiple factors are configured correctly. Firstly, I would go to the Wins CA server tool and see if there are 'Failed Requests'. There might be details there. If not, it is a case of checking off all of the steps. Look at AD Users and Computers. Check the user account that you are trying to auto enroll with. Does it have an email address? Ensure that it does. Check the security groups / admin privs of that account. Next, look at the certificate template security settings and ensure the template covers the security group of your test user. Ensure that the template Security settings allow 'Read, Enroll & Auto-Enroll'. If you are issuing client certs then picking 'Authenticated Users' is the group with the widest coverage. Other factors can be that you need to push the group policy (or wait for it to update), that's 'gpupdate /force' on the DC. Finally, always ensure you are completely logging the user in and out, not just 'lock screen' or 'switch user'.
@greatescape121 5 years ago
@@null_zero Hi Joe, now I'm able to see the certificate in MMC. I tried to allow 'Read, Enroll & Auto-Enroll' for authenticated users. Thanks for your help! Now I will try to do it with Mac Users & Computers.
@null_zero 5 years ago
@@greatescape121 Good stuff. If you want to lessen the scope, you can just apply those security settings to the user group of your choice and put your desired users in that group i.e. it doesn't have to be all authenticated users for it to work. The main sticking point I encountered was users needing to have email addresses.
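The checks from the troubleshooting replies above (email attribute, template security settings, group scope, failed requests), as an added PowerShell example that is not from the video or its author. It assumes the RSAT ActiveDirectory module on an admin host; `testuser` and `LabUserCert` are hypothetical placeholder names.

```powershell
# Added example, not from the video. Run from an admin host with the RSAT
# ActiveDirectory module. 'testuser' and 'LabUserCert' are placeholder names.
Import-Module ActiveDirectory

$UserName     = 'testuser'     # hypothetical test account
$TemplateName = 'LabUserCert'  # hypothetical template name (CN, not display name)

# 1. The account needs an email address (the main sticking point in the thread).
$user = Get-ADUser -Identity $UserName -Properties mail, MemberOf
if ([string]::IsNullOrEmpty($user.mail)) {
    Write-Warning "$UserName has no mail attribute; set one before retrying."
}

# 2. Groups the account belongs to, for comparison with the template ACL.
#    Domain Users (primary group) and Authenticated Users are implicit
#    and will not appear in this list.
$user.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name } | Sort-Object

# 3. Read the template's security settings from the Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$tmplDN   = "CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$acl      = Get-Acl -Path "AD:\$tmplDN"

# Extended-right GUIDs behind the Enroll and Autoenroll checkboxes.
$rights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'AutoEnroll'
}

# 4. Who is allowed to Enroll / AutoEnroll on this template?
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $rights.ContainsKey($_.ObjectType.ToString()) } |
    Select-Object IdentityReference,
                  @{ Name = 'Right'; Expression = { $rights[$_.ObjectType.ToString()] } } |
    Sort-Object IdentityReference, Right |
    Format-Table -AutoSize

# 5. On the CA server: list failed requests (Disposition 30).
certutil -view -restrict "Disposition=30" -out "RequestID,RequesterName,CertificateTemplate"

# 6. Refresh group policy, then fully log the user out and back in.
gpupdate /force
```

If step 4 lists only a dedicated security group rather than Authenticated Users, the template is scoped the narrower way described in the last reply.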
@WadeNorris. 2 years ago
Great video, thanks. Looking for official documentation with regards to this?
@AlvaroLMM 4 years ago
Thanks for sharing your knowledge. Great video!!! I'm trying to follow your tutorial using version 6.6.0.81015 (CP-SW-EVAL) but I am having a hard time with the licence. How do I skip it? AL
@hermanrobers 4 years ago
You should not use ClearPass 6.6, it is old. I think if you register on the Aruba Support Portal (asp.arubanetworks.com) you can request an evaluation license for ClearPass, and as well download the latest version (6.9). If that doesn't work, find your local Aruba SE and ask him or her for a ClearPass evaluation.
@AlvaroLMM 4 years ago
Already solved! Has to be requested from Aruba.
@chrisyoung8062 2 years ago
Joe, what aspects of the certs that are issued are unique? Does my question make sense? Like is it the email address, username, hostname in the case of the computer cert?
@null_zero 2 years ago
Hi Chris, it has been a while since I last did this, but the user certs use email address, I believe. I haven't got an AD domain running in my lab at the moment to check details though, I'm afraid.
@chrisyoung8062 2 years ago
@@null_zero Thanks Joe. I've got this all set up in my lab now and it's working. Your video was extremely helpful. There was one little thing that didn't work the way you showed. When you added the certificates snap-in to mmc, mine didn't show users or computers. That dialog never came up and it just installed the snap-in for user certs. Not a big deal as I could see that the computer cert was issued from the server. Again thanks for the help.
@null_zero 1 year ago
@@chrisyoung8062 Bit late, but I'm building a new home lab, and experienced the same (mmc didn't show computer certs) - this is the type of user you are logging in as. If you are an administrator, or user copied from the administrator account, you'll get the option for user or computer. The note here confirms this 👉 learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-the-mmc-snap-in
@santoshkumarkori8142 4 years ago
Can you please help me with my ClearPass server showing the error "The Radius Server Certificate will expire in 18 day(s)"? How can I renew the radius certificate in the AD server?
@hermanrobers 4 years ago
That means that you will need to renew your radius certificate as it will expire. ClearPass requires a valid Radius certificate or authentications from your clients will fail. If you don't know how to do this, I would reach out to your Aruba partner or Aruba support as it is not too hard, but it has to be done in the right way depending on your current certificate (public, private, self-signed). You could also try to seek assistance on the Airheads community community.arubanetworks.com. I expect similar advice to work with your partner or support if you don't know what to do there, but you might get a better discussion than below a KZbin video.
@gs4bidden399 5 years ago
How do you authenticate against Office 365 users? Also, how do you authenticate a user against AD if the subnet and VLAN are different from the VLAN or subnet the DC is on, without having any unauthorized communication being processed?
@chrisyoung8062 2 years ago
recommend watching this one at .75 speed.
@null_zero 2 years ago
Or x2 it for the full effect. The long form videos are on my own channel. This is the super-edit.
@chrisyoung8062 2 years ago
@@null_zero Didn't realize you had a channel. Just sub'd.
@sureshhkumar955 5 years ago
I have a doubt on root CA and user certificate..
@zakariahmimssaelfakir3325 4 months ago
Can someone please explain to me what he's trying to configure? I understand only some parts of the video but don't understand the whole goal of it.
@hermanrobers 4 months ago
What are you looking for? What is configured in this video is in the description, and this video is most useful if you are looking for how to set up EAP-TLS with Active Directory, Group Policies, and Aruba ClearPass.
@sureshhkumar955 5 years ago
At 16:09 you are downloading the CA certificate, what is it...