01-16-2011 11:29 PM
I have configured my Aruba Controller for LDAP authentication.
I have done the required configuration and tested by using:
aaa test-server pap LDAP username password
Response is "Authentication Successful"
aaa query-user LDAP username
and I am getting all the required details.
The problem which I am facing is that when i try to connect to the SSID, i receive the error message which is in the attachment. Even if I try to connect it again and again but it keeps asking. I also imported new certificate but no use.
Can anyone help in solving this problem?
I will be grateful.
01-17-2011 01:27 AM
- What version of Aruba OS?
- What type of Authentication?
- What Type of Encryption?
-What backend LDAP server?
- Did this ever work?
01-17-2011 03:18 AM
- We are using Aruba650, with OS Version 220.127.116.11.
- This is the first time the device is configured with LDAP authentication settings.
- LDAP has been configured on Windows 2008 Server, which is also AD server.
- Configured 802.1x/WEP on controller.
I hope this info can give u good idea.
01-17-2011 03:21 AM
01-17-2011 04:19 AM
Before that I have configured RADIUS but the problem with RADIUS was:
- Initially i faced the same certificate issue but after hitting connect 2 times, the network gets connected.
- Second and MAIN problem that it doesnt work with every AD user. Means with some of the users, when they try to connect to the WLAN, it asks for account password and keeps asking and doesnt join the WLAN.
So just for testing, we tried to configure LDAP but facing some other problems which I have already mentioned.
01-17-2011 05:42 AM
- Make sure that you have a certificate on the radius server under the remote access policy under PEAP.
- Make sure that on your client you have the CA certificate that issued the certificate to your radius server.
- Uncheck termination.
The message you are seeing is because the client does not have a certificate from the Certificate Authority that issued the certificate to the radius server in the trusted store. If you fix that, your problem should go away.
You should NOT use LDAP.
01-17-2011 10:21 PM
Thanks for your support, but problem is that i am still facing same problem after redoing all the exercise.
- Same certificate problem
- Some of AD user unable to join the network
You want me to send the screenshots of all the things?
01-18-2011 04:08 AM
Please carefully take a look at Microsoft's wireless 802.1x deployment guide here http://technet.microsoft.com/en-us/library/dd28309
Certificate issues can be troublesome, but ensuring that configuration of the certificate authority, radius server as well as the client is key to understanding why you are getting the error.
01-18-2011 07:28 AM
I have already spoken with our Server Admins to see if there is something in a GPO or in Active Directory somewhere I need to follow up on that again... found that if the Group Policy isn't blocking you, you can connect with Win7 but you have to click connect on the error first.
I was looking into LDAP and the "Windows Server" options for this as a work around what are the reasons for avoiding these and staying with a Radius server?
Server Admins tell me we are not going to 2008 for a while we are currently on 2003.
Redundant Aruba 6000 with M3 modules
Cisco ACS 4.2 as radius server
01-18-2011 07:36 AM
Unless you have Termination enabled on the controller (and if you already have a certificate on your radius server, you should not have that), the controller is NOT part of the certificate process....
There is a way to change this to LDAP, but there are quite a few restrictions, including less flexibility, less troubleshooting information, and end-user usability issues, so it generally is not worth it.