Controllerless Networks

Hi,

 

our setup:

-Radius against Windows Server 2008 R2 NPS

-OKC, 802.11k, 802.11v enabled

 

Linux Users roam totally fine with a small hickup about 1 second, but Mac users often loose connection for up to 20 seconds and stay in state authenticating.

 

All our Mac books are affected. It makes no difference if we Terminate EAP at the APs or not.

 

The only approach brought help was to use VC internal authentication. Then the macbooks were authenticating with peap-gtc and roaming is just as fine as with linux. But this is no way to go because we cant double maintain our users.

 

We are using current EA release.

 

Thanks for your help

On a test client, try going into keychain, locating the RADIUS server cert
and changing it's permission to Full Trust. See if you have the same issue
after that.

Did already tried that with the whole cert chain. Furthermore i've tested it with termination and without. Doesnt change anything.

 

I see a difference between Windows NPS server and internal Radius..

 

While NPS server authenticates mschapv2, internal radius server implements eap-gtc.

 

Is it possible to setup an freeradius server which defaults to eap-gtc and mschap as fallback for windows clients?

 

 

 

//Edit: We ended up with a ugly but working solution. We've set up another SSID for apple devices., authenticating against LDAP with Termination enabled. Sadly Aruba Instant Firmware doesnt allow to bind to encrypted LDAP. Hopefolly the main problem and LDAPs can be fixed.