802.11 Client Device Interoperability

Reply
Occasional Contributor I

Windows 7 supplicant

Do anyone know of any issues with the new Windows 7 supplicant and Aruba?

I was working with some students in class and we set up an 802.1X/EAP solution with an Aruba controller and a RADIUS server.

All Windows supplicants work fine with PEAP and are validating the server certificate and getting authenticated. The Windows 7 supplicant... no such luck.

I have worked with a zillion different supplicants and my guess is that we were just missing one stupid setting. XP and Vista supplicants worked just fine in class.

Just curious if anyone at Aruba has mentioned weirdness with Windows 7 supplicant and 802.1X/EAP.
Aruba Employee

Windows 7 supplicant

Hi David,

I used Windows 7 on several different types of laptop models (Dell Latitude E6500/Lenovo T400/Lenovo T61, etc) and it seems to work fine with WPA2-AES enterprise with EAP-PEAP. In the Wireless Network Properties, I usually select "connect automatically when this nework is in range"and "connect even if the network is not broadcasting its name " in the "Connection" tab. In the "Security" tab I pick the usual settings for WPA2-AES with an addition of clicking on "Advanced" button and select "Specify authentication mode" for "user authentication".

Regards,
Ken
Occasional Contributor I

Re: Windows 7 supplicant



I used Windows 7 on several different types of laptop models (Dell Latitude E6500/Lenovo T400/Lenovo T61, etc) and it seems to work fine with WPA2-AES enterprise with EAP-PEAP. In the Wireless Network Properties, I usually select "connect automatically when this nework is in range"and "connect even if the network is not broadcasting its name " in the "Connection" tab. In the "Security" tab I pick the usual settings for WPA2-AES with an addition of clicking on "Advanced" button and select "Specify authentication mode" for "user authentication".




Hi Ken,

Thanks for the reply. We tried all that and the settings in the supplicant seem rather straight forward. Myself and two senior networking engineers spent had zero luck, which leads me to believe we are missing one obvious setting.
Aruba Employee

Re: Windows 7 supplicant

Hey David,

Not sure if this is related to your specific situation, but thought I would share in case it helps.

I noticed one of the windows 7 boxes I was working with recently has a much smaller list of root CAs loaded on the box (note this was a client's machine, and may have been a group policy thing or a function of this specific windows 7 build vs. a general windows 7 thing). So, depending on how you're attempting to validate the cert on the client side, this could be the problem. If you haven't already, make sure that the root CA of the server cert you're using is on the windows 7 box's default trust list.

One other thing to try is doing EAP offload to the controller and see if that gets you any further. We were able to make the windows 7 box perform as expected using offload and the default Equifax cert on the controller as the Equfax CA was already present in the machines cert store.
Occasional Contributor I

Re: Windows 7 supplicant

Thanks James. We tried it with and without EAP offload. We eventually discovered that the problem was most likely driver based. The Windows 7 supplicant would not work on one vendors laptops but when we brought in another vendor laptop... all worked well.
Aruba Employee

Re: Windows 7 supplicant

David,

Playing with Win7 in Bootcamp with a MacBook Pro and finding the same issues. Do you remember what type of NIC your student was using? My controller is stating the PEAP attempt is happening at the machine level even though the authentication type is set to user.

Anyway, I've been messing with this for all of 60 minutes, just wondering if you had more details on his card as I'm just using the basic broadcom stuff.
Contributor I

Re: Windows 7 supplicant

I've seen this on Pre-n broadcom NIC too. I don't have all the specs about the card.
Contributor I

Re: Windows 7 supplicant

I've seen this on Pre-n broadcom NIC too. I don't have all the specs about the card. But it was working with the Windows 7 Driver for that card
Super Contributor II

Re: Windows 7 supplicant

hi guys,

just wondering if anybody had any luck resolving this as i have a client who is currently experiencing similar issues.

scott
MVP

Re: Windows 7 supplicant

My Radius server: Windows 2008; My wireless: NOT ENFORCE MACHINE AUTHENTICATION; the laptop wireless card: Broadcom BCM94309MP (abg)

In Manage Wireless Network: CHECK the Security- Advanced Settings- 802.1X settings- Specific authentication mode to "User or Computer authentication" (this is new in W7 supplicant).
While my newer Centrino 6200AGN does not care about this setting, some older wireless cards are sensitive to it.
~Trinh Nguyen~
Boys Town
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: