Authenticate to Wifi before log on

nagelj · ‎12-10-2024

Our University has a fleet of laptops that are available for students to check out. We had to updated the certificate on our ISE deployment that is used for RADIUS DTLS, EAP Authentication since it was going to expire. Now it is reported that students cannot log into these laptops without connecting to wired first. Previously apparently they could checkout a laptop and would log into it using their email address and it would let them log in even though they had not previously logged in. It apparently must have connected to wireless automatically before they logged in. I am newer to the university and am not sure how these machines were previously set up. I am told that our desktop people did update and push out the new certificate to the laptops but they are still not working as expected. Any ideas on how this might have been working and why it may be broken now? On the network side we only updated the ISE certificate. It seems like the laptop is not trusting the ISE certificate for some reason because when you try to log in you get the domain is not available message when trying to use wireless.

Any thoughts or assistance would be appreciated.

ammahend · ‎12-10-2024

Did you sign the new ISE certificate with the same Certificate Authority (CA) which was used before or this is a new CA ?

-hope this helps-

nagelj · ‎12-18-2024

Yes, the ISE certificate was signed by the same CA. The root and intermediate did also need to be updated as they were updated when the new identity certificate was generated.