Jumpcloud RADIUS Auth failure


L2 Linker

Hi,

 

I have configured a RADIUS profile to use a "Directory as a service" provider (JumpCloud) for authentication. I have tested this with LDAP and everything seems to work as intended, but when I configure the RADIUS profiles and test authentication via the CLI I get the following response:

Failed EAPOL auth (-1).
Response for user: "bob" from RADIUS server: "self signed certificate in certificate chain; unknown CA"

I have been through and installed the certificate chains for JumpCloud as well as the certificate they provide, so I am not sure I understand exactly what this certificate error is referring to.

 

Any help will be appreciated.

 

/M

1 accepted solution

Accepted Solutions

L2 Linker

Looks like I have managed to solve this issue; it appears I had the wrong certificate chains loaded.


Hi @Marc_T,

 

Please can you share more light on how you resolved this issue?

 

I'm having the same issue as well. However, this time, it is Palo Alto RADIUS authentication via Aruba ClearPass, using EAP-MSCHAPv2 as the authentication protocol. My experience in SSL certificates is not so fantastic.

 

Actually, an SSL certificate was installed on the RADIUS server (ClearPass) which I exported and imported into the Palo Alto firewall.

 

Patiently waiting for your feedback. 

 

 

L1 Bithead

Hi @Marc_T ,

 

I'm having this exact same issue with JumpCloud RADIUS auth; any chance you could let us know what resolved the issue for you? I've tried every possible version of certificates/certificate chains that I can think of, but still no luck. Would really like to know how you resolved this.

 

Thanks!

Hi @nolansuess ,

 

It's been a while since I used this, so I hope all the information I have still configured in my firewall is still valid.

These are the certificates I had to install and then create a certificate profile from:

Marc_T_0-1582486976365.png

You should be able to download any updated certs from here: https://support.jumpcloud.com/support/s/article/jumpcloud-radius-certificate-for-eap-ttls-client-dep...

 

Once I had all that configured I created the Radius profile as per usual

Marc_T_1-1582487071013.png

Let me know if this helps

 

/M

Did you also add both the GD CA and GD Inter to the certificate profile (which is assigned to the radius server profile)?

 

Thanks

So... I was also getting the "self signed certificate in certificate chain; unknown CA" issues after following;

 

https://support.jumpcloud.com/support/s/article/jumpcloud-radius-certificate-for-eap-ttls-client-dep...

 

I just installed all the other ROOT and INTER CAs off the below repo, I then added them all to my certificate profile and I was able to auth with peap-mschapv2. So I think the doc is out of date. I have raised a ticket with JC and once I have the definitive list I will post.

 

Here's the repo:

https://certs.godaddy.com/repository
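
One way to check offline whether the root and intermediate CAs you have collected actually chain to the RADIUS server certificate, before loading them into a certificate profile. This is an added example, not from any poster in this thread or from JumpCloud or Palo Alto Networks; it assumes the openssl CLI and two hypothetical PEM files (a CA bundle and the server certificate).

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.
# ca_bundle.pem / server.pem are hypothetical file names.

# Print subject and issuer of every certificate in a PEM bundle.
list_chain() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Succeeds only if server cert $2 verifies against CA bundle $1.
# -no-CApath keeps the system trust directory out of the decision.
chain_ok() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Walk issuer names from server cert $2 through bundle $1. Prints the first
# issuer DN that has no CA in the bundle (status 1); status 0 once a
# self-signed root in the bundle is reached. Names only: chain_ok checks signatures.
missing_issuer() (
  tmp=$(mktemp -d) || exit 2
  awk -v d="$tmp" '/BEGIN CERTIFICATE/{n++} n{print > (d "/ca" n ".pem")}' "$1"
  cur=$2; depth=0
  while [ "$depth" -lt 10 ]; do
    want=$(openssl x509 -in "$cur" -noout -issuer_hash)
    next=
    for f in "$tmp"/*.pem; do
      [ -e "$f" ] || continue
      if [ "$(openssl x509 -in "$f" -noout -subject_hash)" = "$want" ]; then
        next=$f; break
      fi
    done
    if [ -z "$next" ]; then
      openssl x509 -in "$cur" -noout -issuer
      rm -rf "$tmp"; exit 1
    fi
    if [ "$(openssl x509 -in "$next" -noout -issuer_hash)" = "$want" ]; then
      rm -rf "$tmp"; exit 0
    fi
    cur=$next; depth=$((depth + 1))
  done
  rm -rf "$tmp"; exit 2
)

if [ "$#" -eq 2 ]; then
  list_chain "$1"
  if chain_ok "$1" "$2"; then echo "chain verifies"
  else echo "chain does not verify; no CA in bundle for:"; missing_issuer "$1" "$2"
  fi
fi
```

If `chain_ok` fails, the DN printed by `missing_issuer` names the CA certificate that still has to be obtained and added to the bundle.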

 

 

 

 

 

Hi @Marc_T,

Is this setup still working for you for Jumpcloud?
If I enable "Make Outer Identity Anonymous" radius authentication does not work.
Works fine if I disable this option. Setup is the same other than this.

 

/Jo Christian
