ArubaOS and Controllers

Reply
Contributor II

EAP Offload and Machine Auth

When I take a working 802.1x profile and enable "termination" / eap-peap / eap-mschap for Eap Offload to the controller, users continue to authenticat fine but workstations do not. The workstations were authenticating OK before doing the offload. What am I missing?

The IAS log reports as the error:

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

b
-b
www.apextechgroup.com
Guru Elite

EAP Offload - No Machine Authentication.

EAP Offload, or Termination, does not work with Machine Authentication. You will need an external radius server with a Valid Certificate for machine authentication to work.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Aruba Employee

Re: EAP Offload and Machine Auth

bhubert,

thats a known issue with IAS, termination on the Aruba controller and machine auth. I have tested this on another RADIUS server and it works. I dont want to say which RADIUS server, but it is a well-known $25B company that just announced a 322 Terrabit router... :)
Contributor II

Re: EAP Offload and Machine Auth

Thanks gents. Has it been tested with Win2k8's implementation of RADIUS (NPS)? Is there something that I can 'read' that explains why this doesn't work?
-b
www.apextechgroup.com
Guru Elite

From the inception

It has never worked Microsoft IAS and that is not going to change any time soon. It would require a great deal of work that was never attempted in the past, and it is less likely as time goes by.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: