ArubaOS and Controllers

Reply
Contributor II
Posts: 51
Registered: ‎04-03-2007

EAP Offload and Machine Auth

When I take a working 802.1x profile and enable "termination" / eap-peap / eap-mschap for Eap Offload to the controller, users continue to authenticat fine but workstations do not. The workstations were authenticating OK before doing the offload. What am I missing?

The IAS log reports as the error:

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

b
Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

EAP Offload - No Machine Authentication.

EAP Offload, or Termination, does not work with Machine Authentication. You will need an external radius server with a Valid Certificate for machine authentication to work.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: EAP Offload and Machine Auth

bhubert,

thats a known issue with IAS, termination on the Aruba controller and machine auth. I have tested this on another RADIUS server and it works. I dont want to say which RADIUS server, but it is a well-known $25B company that just announced a 322 Terrabit router... :)
Contributor II
Posts: 51
Registered: ‎04-03-2007

Re: EAP Offload and Machine Auth

Thanks gents. Has it been tested with Win2k8's implementation of RADIUS (NPS)? Is there something that I can 'read' that explains why this doesn't work?
Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

From the inception

It has never worked Microsoft IAS and that is not going to change any time soon. It would require a great deal of work that was never attempted in the past, and it is less likely as time goes by.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: