Jumpcloud RADIUS Auth failure

Reply
L2 Linker

Jumpcloud RADIUS Auth failure

Hi,

 

I have configured a RADIUS profile to use a "Directory as a service" provider (JumpCloud) for authentication, I have tested this with LDAP and everything seems to work as intended but when I configure the Radius profiles and test authentication via the cli I get the following response

Failed EAPOL auth (-1).
Response for user: "bob" from RADIUS server: "self signed certificate in certificate chain; unknown CA"

I have been through and installed the certificate chains for JumpCloud as well as the certificate they provide so I am not sure I understand exaclty what this certificate error is refering to.

 

Any help will be appreciated.

 

/M

Tags (2)

Accepted Solutions
L2 Linker

Looks like I have managed to solve this issue, appears I had the wrond certificate chains loaded.

View solution in original post


All Replies
L2 Linker

Looks like I have managed to solve this issue, appears I had the wrond certificate chains loaded.

View solution in original post

L0 Member

Hi @Marc_T,

 

Please can you share more light on how you resolved this issue?

 

I'm having the same issue as well. However, this time, it is Palo Alto RADIUS authentication via Aruba ClearPass, using EAP-MSCHAPv2 as Authentication protocol. My experience in SSL certificates is not so fantastic. 

 

Actually, an SSL certificate was installed on the RADIUS server (ClearPass) which I exported and imported into the Palo Alto firewall.

 

Patiently waiting for your feedback. 

 

 

L1 Bithead

Hi @Marc_T ,

 

I'm having this exact same issue with JumpCloud RADIUS auth; any chance you could let us know what resolved the issue for you? I'v tried every possible version of certificates/certificate chains that I can think of, but still no luck. Would really like to know how you resolved this.

 

Thanks!

L2 Linker

Hi @nolansuess ,

 

Its been a while since I used this so I hope all the information I have still configured in my firewall is still valid.

There are the certificates I had to install and then create a certificate profile from:

Marc_T_0-1582486976365.png

You should be able to download any updated certs from here: https://support.jumpcloud.com/support/s/article/jumpcloud-radius-certificate-for-eap-ttls-client-dep...

 

Once I had all that configured I created the Radius profile as per usual

Marc_T_1-1582487071013.png

Let me know if this helps

 

/M

L0 Member

Did you also add both the GD CA and GD Inter to the certificate profile (which is assigned to the radius server profile)

 

Thanks

L0 Member

So... I was also getting the "self signed certificate in certificate chain; unknown CA" issues after following;

 

https://support.jumpcloud.com/support/s/article/jumpcloud-radius-certificate-for-eap-ttls-client-dep...

 

I just installed all the other ROOT and INTER CAs off the below repo, I then added them all to my certificate profile and I was able to auth with peap-mschapv2.. So I think the doc is out of date. I have raised a ticket with JC and once I have the definitive list I will post.

 

Heres the repo;

https://certs.godaddy.com/repository

 

 

 

 

 

L0 Member

Hi @Marc_T,

Is this setup still working for you for Jumpcloud?
If I enable "Make Outer Identity Anonymous" radius authentication does not work.
Works fine if I disable this option. Setup is the same other than this.

 

/Jo Christian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!