"Do not validate" is your "quick and dirty" solution to work around problems with private CA certificates. If you have the OnBoard module, then use the QuickConnect app to install proper CA and user certificates.
With manual CA and user certificate installation I was only able to get the user cert working. Never had any luck with the CA cert format for Android. With QuickConnect it was easy to deploy both.
P.S. Didn't want to use too much time researching as I have OnBoard up and running.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
------------------------------
Original Message:
Sent: Dec 11, 2024 01:58 PM
From: osdtech
Subject: Connecting Android phone using Clearpass
I am new to ClearPass and I cannot connect an Android phone with OS 11 to my network. The service authentication methods are: EAP PEAP, EAP MSCHAPv2 and EAP-TLS with Authorization Required disabled; I'm unsure why we have it that way, as our initial configuration was done by the vendor we bought it from. Our authentication sources are AD, Endpoints repository and Local DB. Work devices connect by reaching out to our CA and getting a cert and connect with EAP-TLS. Personal devices use PEAP with MSCHAPv2. Most Android phones have the option to "Do not validate" or "Trust on first use", but some OS versions do not have that option. When I try to install the cert manually and try to connect using PEAP and MSCHAPv2 with that cert selected and our domain filled in, the request gets rejected and on the Alerts tab it says: "RADIUS EAP-PEAP: fatal alert by client - internal_error
eap-tls: Error in establishing TLS session". I also do not know why it only works with "Do not validate", but I would like to get it working without having to use that option. What do I need to do to get this working? Any starting point would be appreciated. I am using ClearPass version 6.11.9 and Aruba Mobility Conductor 8.10.0.14.
Thank you!