Controllerless Networks

I am in the processes of changing out a Meru controller based system for Aruba Instant IAP 205's. I have a Windows 2012 R2 domain controller authenticating clients through RADIUS using computer authentication. All client machines are Windows 7 SP1.

Everything seems to work fine except domain resources that require authentication. I have total internet access and I can ping all the domain machines using hostnames. I can even ping domain.local and I get replies from the domain controller, but when I try to access a network share I get a password prompt saying "cannot contact a domain controller to service the authentication request." I also cannot run gpupdate /force because it fails to find a domain controller.

The domain controller is also DHCP and DNS, which are working fine. I have narrowed it down to an Aruba issue because the Meru access points at the other end of the building are using the same RADIUS server and the same VLAN as the arubas, but the meru clients have no issues at all. Everything also works on the wire. I just can't seem to get the arubas to allow domain activity.

I found this similar problem posted a couple times in the Airheads community, but no difinitive solution has been presented on those threads.

Thanks for the replies

I'm sorry. I'm not sure what you mean by "user-role"

Also, The security is already set to unrestricted.

Please post the screenshot for your VLAN tab.

VLAN 50 is fully functional on the Merus and on the wire.

I suggest you install wireshark on one of your clients and do a packet capture to determine what your problem browsing network resources is.  I am just guessing about what was done wrong.  A packet capture would be more definitive.

Make sure the SSID under Access, the access rules are set to unrestricted.

It sounds suspiciously like a DNS issue.  Are the clients able to resolve internal addresses?

Do you have content filtering enabled in the ssid?

DNS was my initial thought too, but I am able to ping hostnames. I can even ping domain.local and I get replies from the domain controller. I also have content filtering disabled. It doesn't make any logical sense. I'm stumped :-(

I found my solution. I was using dynamic RADIUS proxy, which appeared to be working because RADIUS authentication was working great. Once I disabled DRP and configured each access point individually in NPS, everything started working. It still doesn't make any sense, but I can live with it since I'm only dealing with 15-20 APs. Thank you to everyone who helped.

I spent 3 hours looking through articles and trying different things.  This worked for me.  As soon as I disabled content filtering in the SSID and disable-enable the device wifi adapter all was well.