Hi,
Does someone here has experience with setting an IAP-225 up with the external OneLogin radius server? For some reason I can't get it work. I read already this: https://onelogin.zendesk.com/hc/en-us/articles/202361670
And tried this: http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/External%20RADIUS%20Server.htm
If I try with my client locally via radtest I get accepted, but when I try via the IAP-225 I get always rejected. Also depending on the configuration with Termination Enabled I usually time out/reject by connecting to 127.0.0.1.
adius authenticate raw using server t_OneLoginRadiusServer
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_request.c:52] Add Request: id=6, srv=127.0.0.1, fd=18
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1695] Sending radius request to t_OneLoginRadiusServer:127.0.0.1:2630 id:6,len:209
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] User-Name: fabian
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] NAS-IP-Address: 127.0.0.1
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] NAS-Port-Id: 0
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] NAS-Identifier: nonasid
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] NAS-Port-Type: 19
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Calling-Station-Id: 34363bcce418
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Called-Station-Id: 40e3d6c56f52
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Service-Type: Login-User
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Framed-MTU: 1100
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] EAP-Message: \002\003
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] State: }\364\374\305}\344\351\006\300\342\270\225\2659\371\315
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Aruba-Essid-Name: Test 5G
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Aruba-AP-Group: instant-C5:6F:52
Jan 9 23:26:01 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_server.c:1705] Message-Auth: \016X\341Z1\257*\231\265\347\366.\367\232N\202
Jan 9 23:26:02 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_request.c:76] Find Request: id=6, srv=127.0.0.1, fd=18
Jan 9 23:26:02 stm[2475]: <121031> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| |aaa| [rc_request.c:82] Current entry: srv=127.0.0.1, fd=18
Jan 9 23:26:02 stm[2475]: <121050> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| in rc_aal.c(server_cbh),auth result = 1, with user name = fabian
Jan 9 23:26:02 stm[2475]: <121050> <DBUG> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| ACESS_ACCEPT or ACCESS_REJECT message received
Jan 9 23:26:02 stm[2475]: <132207> <ERRS> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| RADIUS reject for station fabian 34:36:3b:cc:e4:18 from server t_OneLoginRadiusServer.
Jan 9 23:26:02 stm[2475]: <132053> <ERRS> |AP 40:e3:d6:c5:6f:52@10.0.9.3 stm| Dropping the radius packet for Station 34:36:3b:cc:e4:18 40:e3:d6:d6:f5:30 doing 802.1x
Also any idea how I can configure with 2FA with the Google Authenticator OTP device?
Best,
Fabian