ArubaOS and Controllers

Reply
New Contributor

Unable to find a certificate to log on

We're setting up our first wireless network and are receive the following error when we try to connect:




Before starting down this path, we had a Server 2008R2 domain with no CA. I followed most of the directions on this Fat of the LAN page to configured an Enterprise CA. I diverged from those steps in two places. One was that the server I'm using is not a DC, it is just a domain-joined Server 2008R2 box. The other difference is that I did not add any attribute filters

When I test authentication from the controller (Diagnostics -> AAA Test Server -> select the server created above from drop-down -> enter my AD username and password), it succeeds and I see the audit success in the RADIUS server's Security event log. I was super excited, but when I tried to connect from an XP client (domain-joined), it failed with the error above and I don't see the failure in the Security event log on the RADIUS server.

I assume I'm missing something related to the certificate and AD, but I have no idea what it could be.

Thoughts? Thanks.

Guru Elite

Re: Unable to find a certificate to log on

On the Windows XP laptop, in the wireless setup, change the setting from "Smartcard" to "PEAP"






********************************************

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
New Contributor

Re: Unable to find a certificate to log on

Great, I was able to connect (I also had to tell it to not validate the certificate). When I try to connect from an XP or Windows 7 laptop that isn't on the domain, I get:




I'm not prompted for credentials. When I try from an iPad, it prompts for credentials and let's me right on.

Guru Elite

Re: Unable to find a certificate to log on

That is because the laptop that is on the domain uses the username/password of the user that logged into it. A user with a non-domain laptop logs into his laptop with an account that is NOT on the domain. You can uncheck "automatically use username/password" in the wireless config for that device to type in the username/password manually. You would of course have to uncheck "Validate Server Certificate" as well (not recommended).






********************************************

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: