Controllerless Networks

Reply
Occasional Contributor I
Posts: 5
Registered: ‎09-29-2015

Cannot access domain resources on IAP 205 with RADIUS authentication

I am in the processes of changing out a Meru controller based system for Aruba Instant IAP 205's. I have a Windows 2012 R2 domain controller authenticating clients through RADIUS using computer authentication. All client machines are Windows 7 SP1.

Everything seems to work fine except domain resources that require authentication. I have total internet access and I can ping all the domain machines using hostnames. I can even ping domain.local and I get replies from the domain controller, but when I try to access a network share I get a password prompt saying "cannot contact a domain controller to service the authentication request." I also cannot run gpupdate /force because it fails to find a domain controller.

The domain controller is also DHCP and DNS, which are working fine. I have narrowed it down to an Aruba issue because the Meru access points at the other end of the building are using the same RADIUS server and the same VLAN as the arubas, but the meru clients have no issues at all. Everything also works on the wire. I just can't seem to get the arubas to allow domain activity.

I found this similar problem posted a couple times in the Airheads community, but no difinitive solution has been presented on those threads.

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

What user-role are the devices in?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

Make sure the SSID under Access, the access rules are set to unrestricted.

 

unrestricted.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎09-29-2015

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

Thanks for the replies

I'm sorry. I'm not sure what you mean by "user-role"

Also, The security is already set to unrestricted.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

Please post the screenshot for your VLAN tab.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎09-29-2015

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

aruba_vlan.png

VLAN 50 is fully functional on the Merus and on the wire.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

I suggest you install wireshark on one of your clients and do a packet capture to determine what your problem browsing network resources is.  I am just guessing about what was done wrong.  A packet capture would be more definitive.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,290
Registered: ‎08-29-2007

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

It sounds suspiciously like a DNS issue.  Are the clients able to resolve internal addresses?

Do you have content filtering enabled in the ssid?

aireheads - content filtering.JPG


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Occasional Contributor I
Posts: 5
Registered: ‎09-29-2015

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

DNS was my initial thought too, but I am able to ping hostnames. I can even ping domain.local and I get replies from the domain controller. I also have content filtering disabled. It doesn't make any logical sense. I'm stumped :-(

Occasional Contributor I
Posts: 5
Registered: ‎09-29-2015

Re: Cannot access domain resources on IAP 205 with RADIUS authentication

I found my solution. I was using dynamic RADIUS proxy, which appeared to be working because RADIUS authentication was working great. Once I disabled DRP and configured each access point individually in NPS, everything started working. It still doesn't make any sense, but I can live with it since I'm only dealing with 15-20 APs. Thank you to everyone who helped.

Search Airheads
Showing results for 
Search instead for 
Did you mean: