03-30-2016 07:18 AM - edited 03-30-2016 07:19 AM
-Radius against Windows Server 2008 R2 NPS
-OKC, 802.11k, 802.11v enabled
Linux Users roam totally fine with a small hickup about 1 second, but Mac users often loose connection for up to 20 seconds and stay in state authenticating.
All our Mac books are affected. It makes no difference if we Terminate EAP at the APs or not.
The only approach brought help was to use VC internal authentication. Then the macbooks were authenticating with peap-gtc and roaming is just as fine as with linux. But this is no way to go because we cant double maintain our users.
We are using current EA release.
Thanks for your help
03-30-2016 07:24 AM
and changing it's permission to Full Trust. See if you have the same issue
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
03-31-2016 01:28 AM - edited 03-31-2016 07:17 AM
I see a difference between Windows NPS server and internal Radius..
While NPS server authenticates mschapv2, internal radius server implements eap-gtc.
Is it possible to setup an freeradius server which defaults to eap-gtc and mschap as fallback for windows clients?
//Edit: We ended up with a ugly but working solution. We've set up another SSID for apple devices., authenticating against LDAP with Termination enabled. Sadly Aruba Instant Firmware doesnt allow to bind to encrypted LDAP. Hopefolly the main problem and LDAPs can be fixed.