Aruba Apps

Reply
MVP
Posts: 777
Registered: ‎03-25-2009

IOS VIA app not using via auth profile?

[ Edited ]

I can't seem to get my IOS VIA client to use the same VIA authentication profile as the Windows VIA client.

 

Debugging gives the following for a Windows VIA client

Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  VIA Authentication Profile is 'customer-radius'
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Setting auth subtype 'PAP' for user 94.224.118.161, client VIA-WEB
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Setting auth type 'VIA-WEB' for user 94.224.118.161, client VIA-WEB
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Setting authstate 'started' for user 94.224.118.161, client VIA-WEB
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  aal_authenticate user:test vpnflags:0 
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  ncfg_auth_server_group_authtype ip=94.224.118.161, method=VIA-WEB vpnflags:0
Jun 21 18:45:18 :199802:  <ERRS> |authmgr|  ncfg_auth.c, ncfg_auth_server_group_authtype:250: Invalid authentication type 25 (ip=94.224.118.161)
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  aal_authenticate server_group: 
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Select server for method=VIA-WEB, user=test, essid=<>, server-group=radius-group, last_srv <>
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|   server=SRVDC02, ena=1, ins=1 (1)
Jun 21 18:45:18 :124038:  <INFO> |authmgr|  Selected server SRVDC02 for method=VIA-WEB; user=test,  essid=<>, domain=<>, server-group=radius-group
Jun 21 18:45:18 :124003:  <INFO> |authmgr|  Authentication result=Authentication Successful(0), method=VIA-WEB, server=SRVDC02, user=94.224.118.161 
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Auth server 'SRVDC02' response=0
Jun 21 18:45:18 :124004:  <DBUG> |authmgr|  Setting authserver 'SRVDC02' for user 94.224.118.161, client VIA-WEB

 

and the following from an IOS VIA client

Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  VIA Authentication Profile is ''
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  aal_authenticate user:test vpnflags:0 
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  unknown user=188.5.29.4, method=VIA-WEB
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  aal_authenticate server_group:default 
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  Select server for method=VIA-WEB, user=test, essid=<>, server-group=default, last_srv <>
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|   server=Internal, ena=1, ins=1 (1)
Jun 21 18:46:59 :124038:  <INFO> |authmgr|  Selected server Internal for method=VIA-WEB; user=test,  essid=<>, domain=<>, server-group=default
Jun 21 18:46:59 :133004:  <INFO> |localdb|  Received Authentication Request for User test
Jun 21 18:46:59 :133019:  <ERRS> |localdb|  User test was not found in the database
Jun 21 18:46:59 :133006:  <ERRS> |localdb|  User test Failed Authentication
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  Rx message 21/23, length 319 from 10.1.0.62:8344
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  Local DB auth failed for user test, error (User not found in UserDB)
Jun 21 18:46:59 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=VIA-WEB, server=Internal, user=188.5.29.4 
Jun 21 18:46:59 :124004:  <DBUG> |authmgr|  Auth server 'Internal' response=1

 

Anybody got a clue why the IOS client would be using a different profile from the Windows clients even?

The debugs provided are from trying to download the connection profile.

 

FYI, the VIA authentication profile "default" has no references. The only other Via authentication profile "customer-radius" references the radius server-group.

The same is true for the VIA Connection Profile "default": no references where the VIA Connection Profile I created has the "default-via-role" user-role azs reference.

No PEFV license is installed (running release 5.0.4.1) so this user-role is the only one I can use.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP
Posts: 777
Registered: ‎03-25-2009

Re: IOS VIA app not using via auth profile?

k, the quick and dirty fix is change the default via-auth-profile to that radius group as well and for good measure change the default vpn-auth-profile to this radius group as well.

 

Voila, IOS, Mac OS and Windows clients all working in release 5.0.4.1 without PEF-V license.  God my customer is gonna hate me when we need to upgrade to 6.x and charge him to keep his functionality :-D

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: