ArubaOS and Controllers

Reply
Frequent Contributor II

Local Termination kills 802.1x Auth for computers in Active Directory

I have opened a support case for this but I figure someone here will likely have an answer for me as well.

Situation:

My Client Supplicants on Windows 7 and XP are configured to - Authenticate as computer when computer information is available. The supplicants are using WPA2-AES with 802.1x PEAP-MSCHAPv2. The Aruba Controller is not configured to enforce Machine Authentication (Enforce Machine Authentication is Disabled). Microsoft IAS is used as the RADIUS server. IAS communicates with Active Directory where the user and machine credentials reside. With this configuration Authentication using Machine Credentials works.

Problem:

When Local Termination is enabled on the Aruba controller Authentication using Machine Credentials fails. It should be noted that (Enforce Machine Authentication) is still disabled on the controller.

Questions:

• Is Local Termination interfering with the Authentication process?
• Why does Local Termination cause Authentication using Machine Credentials to fail?
• Are there any workarounds to achieve the same Authentication result with Local Termination enabled?

My Controller is an M3 running OS 6.1.2.0

Thanks in advance.
Guru Elite

Re: Local Termination kills 802.1x Auth for computers in Active Directory

Machine Authentiction does not work with termination if:

- You are using a Windows 2003 server for Radius
- You are using a Windows 2008 server for Radius authentication

It does work if you use:

- Juniper Odyssey for Radius
- Cisco ACS for Radius
- Free Radius for Radius

Solution: Do not use termination if you are using a MSFT Radius server.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: