Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 4
Registered: ‎11-04-2014

IAP-115 wpa enterprise and certificates

[ Edited ]

Hi,

 

I've been trying for the last 2 days to set up wpa2 enterprise with ldap for my company.
The ldap is a windows 2008 with AD role.

The iaps are in 6.3.1.1-4.0

 

So yesterday I managed to connect with the configured ldap from an iphone but it was still rejected from windows and linux computer.

 

I thought it was a problem due to certificates so I created a CA certificate and a other one for server authentication. I tried to upload them with the GUI but nothing exept the green ok popup happened. The default certificates where still there and no trace of the new ones, even in the cli.

 

I tried to upload the certificate from cli with the <download-cert> command but still no result.

I also tried from the reference guide  the <copy tftp> commande to upload a certificate but it only made the default CA certificate disapear from the iap.

 

Also I reversed to backup just to see that the default ca certificate is still nowhere and my uploaded ones still completely invisible.

While searching through the forum I read that certificate was not mandatory for wpa2 enterprise with ldap is that correct? In that case I will start looking away from the certificates. But there still would be the probleme of the fail uploads.

 

 

Thanks for reading.

 

 

Edit :

 

I was using 2 iap while making the configuration and it appear one is almost working with wpa2 enterprise while the other is not. Iphone android and linux station manage to autenticate but windows station won't. Probably because the default ca certificate is missing from the iap.

 

here are the debut auth log from the iap.

a success auth

 

Nov 5 11:22:43 station-up 2 4 server rejected

 

 

Guru Elite
Posts: 20,598
Registered: ‎03-29-2007

Re: IAP-115 wpa enterprise and certificates

Aerilon,

 

Windows devices do not work if you are pointing to an LDAP server for authentication for 802.1x unless you install special software on them.  Androids and iPHones have that special software (supplicant), so they will abe able to authenticate.  Windows devices do not have that software.  The ultimate solution is to configure a radius server on Windows and point the IAP to that server:  

Please see the thread here for details on why it will not work on windows computers:  http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-WPA2-Enterprise-internal-server-with-LDAP/m-p/137457/highlight/true#M4366

 

You can also check out the thread here http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672 on how to configure a radius server on Windows 2008 NPS.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: