ArubaOS and Controllers

Reply
New Contributor
Posts: 2
Registered: ‎08-15-2011

Authenticate to two different domains?

I have an SSID setup for employees that allows a machine to come on the network when it meets the criteria of a valid machine certificate and also a valid user cert from our PKI server.
My problem is that we have two different domains I want connected to that SSID that would allow an employee to authenticate no matter what division they are at. So if I work for company "A" but I am at a company "B" site I can still authenticate to company "A" on wireless.

Anyone doing anything like this?
Guru Elite
Posts: 21,523
Registered: ‎03-29-2007

Re: Authenticate to two different domains?


I have an SSID setup for employees that allows a machine to come on the network when it meets the criteria of a valid machine certificate and also a valid user cert from our PKI server.
My problem is that we have two different domains I want connected to that SSID that would allow an employee to authenticate no matter what division they are at. So if I work for company "A" but I am at a company "B" site I can still authenticate to company "A" on wireless.

Anyone doing anything like this?



Here is what you will need:

If you have two different domains, first domain is acompany.com and second domain is bcompany.com, here is what you do:

1 - Create radius servers for both domains
2 - Create edit your current server group for 802.1x and add both servers.
3- Use the match-authstring parameter in the server group to direct authentication for one domain to first server and authentication to another domain to the second server:
Click on across from first server. Make sure match type is Authstring (it is by default), type in the match string for the FQDN that the company adds to the username. Click on Add rule to add that rule. Click on Update Server to make that rule stick. Do the same thing to the second server:

The controller now will only try to authenticate to each server if "acompany.com" or "bcompany.com" is in the username.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: