Aruba Instant & Cloud Wi-Fi

Occasional Contributor I
Posts: 6
Registered: ‎01-08-2013

IAP WPA2 Enterprise internal server with LDAP

I was told that IAP WPA2 Enterprise can be configured as a RADIUS internal server and the RADIUS server can authenticate against an LDAP server. Does anyone know how to configure this?

 

thanks.

Guru Elite
Posts: 8,196
Registered: ‎09-08-2010

Re: IAP WPA2 Enterprise internal server with LDAP

Check out Chapter 11 in the attached guide. It explains how to configure EAP termination on the VC.

 

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 130
Registered: ‎06-11-2013

Re: IAP WPA2 Enterprise internal server with LDAP

Are you connecting to OpenLDAP or ActiveDirectory or similar?

 

Do you want to use EAP-PEAP-MSCHAPv2 or EAP-TTLS PAP/MSCHAPv2?

 

Please note for ActiveDirectory with MSCHAPv2: you will need a domain join for this. For MSCHAPv2 you will need to have NTLM_Auth in place on your RADIUS server. The Aruba Instant internal RADIUS-server does not support a domain join and NTLM_Auth.

 

If you are using OpenLDAP and want to use MSCHAPv2 then you need to store either plain-text passwords or NT-Passwords (like AD does). If you are using PAP you can store passwords with any hashing algorithm.

 

 

I would advise you to use an external RADIUS server if possible.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
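
As an added illustration of the password-storage point in the post above (not part of the original thread and not Aruba or FreeRADIUS code): a Python sketch that reports which inner methods a RADIUS server could offer for a given LDAP entry, and shows PAP verifying against a salted hash. It assumes the OpenLDAP `{SSHA}` format and the Samba schema's `sambaNTPassword` attribute for the NT hash; all entries and values are constructed sample data.

```python
import base64
import hashlib
import hmac

def make_ssha(password: str, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_pap(cleartext: str, user_password: str) -> bool:
    """PAP hands the server the cleartext, so it can re-hash and compare."""
    if user_password.startswith("{SSHA}"):
        raw = base64.b64decode(user_password[6:])
        digest, salt = raw[:20], raw[20:]
        calc = hashlib.sha1(cleartext.encode() + salt).digest()
        return hmac.compare_digest(calc, digest)
    if not user_password.startswith("{"):
        # Assumption of this sketch: no scheme prefix means plain text.
        return hmac.compare_digest(cleartext.encode(), user_password.encode())
    raise ValueError("scheme not handled in this sketch")

def usable_inner_methods(entry: dict) -> set:
    """Which inner methods can be served from what this entry stores?"""
    methods = set()
    pw = entry.get("userPassword", "")
    nt_hash = entry.get("sambaNTPassword", "")
    if pw or nt_hash:
        methods.add("PAP")  # cleartext arrives, any stored form can be checked
    if nt_hash or (pw and not pw.startswith("{")):
        # MSCHAPv2 is challenge-response: the server needs the NT hash itself,
        # or the plain text to derive it. A salted hash cannot provide either.
        methods.add("MSCHAPv2")
    return methods

# Constructed sample entries (placeholder values, not real credentials).
SAMPLE_ENTRIES = {
    "alice": {"userPassword": make_ssha("S3cret!", b"constsal")},
    "bob": {"userPassword": "S3cret!"},
    "carol": {"sambaNTPassword": "0" * 32},  # placeholder NT hash
}

if __name__ == "__main__":
    for uid, entry in SAMPLE_ENTRIES.items():
        print(uid, sorted(usable_inner_methods(entry)))
```
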
Occasional Contributor I
Posts: 6
Registered: ‎01-08-2013

Re: IAP WPA2 Enterprise internal server with LDAP

Hello,

 

I want to implement in an Active Directory domain network. The LDAP server is the DC.

 

Do you think it is possible to implement without RADIUS?

 

Thanks,

MVP
Posts: 130
Registered: ‎06-11-2013

Re: IAP WPA2 Enterprise internal server with LDAP

At least for PEAP EAP-MSCHAPv2 (which is most common) you will need a RADIUS server.

 

Possible RADIUS servers: Microsoft NPS (which is included in Windows Server), FreeRADIUS (if you have a Linux platform) or possibly ClearPass Policy Manager if you have some budget available :)

 

When using EAP-TTLS with PAP you would not need an external RADIUS server, but note the default Windows 802.1X supplicant does not have support for this.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
Super Contributor I
Posts: 300
Registered: ‎12-01-2010

Re: IAP WPA2 Enterprise internal server with LDAP

The NPS for MSFT is free, just activate it, but the good thing is you do not need the certificate server, as you can use Aruba to terminate the EAP traffic.

Normal Guy