Security, WIDS/WIPS and Aruba ECS

New Contributor
Posts: 2
Registered: ‎02-17-2011

IAS/RADIUS Spam in Event Viewer

All,

I'm using an Aruba 6000 with a 3200 operating in tandem using VRRP. This is on a military installation (read that as, 'very congested network'). Currently using version 3.3.2.19-FIPS on the 6000. Our authentication service is RADIUS, based on physical token (CAC)/password.

The problem: all users receive a blanket error: Client Issued Alert 42 (Bad Certificate) when trying to connect.

Troubleshooting: all users, all laptops, all areas on our campus covered by our WLAN, WLAN itself is running, base networked VLAN and WLAN operating as I configured months ago. Odyssey Client 5.3 (horrible by the way, vendors reading this message please offer something better to the government than the OAC, it's totally unreliable) used on all laptops. 44 AP60s, all provisioned correctly according to the 6000.

Findings: When troubleshooting the connection past the 6000, since the error specifically faults a certificate, I read through the event viewer system log on the server that houses IAS/RADIUS and found hundreds of warning messages stating that users were attempting to gain access and were prohibited based on 'Reason = The supplied message is incomplete. The signature was not verified.' However, the log shows this error every 29 to 32 seconds, which means IAS must be getting spammed. This carries on for approximately 40 minutes every time. I myself have tried logging in, watched the error pop, then pulled my token from the laptop only to watch the log fill up with spam from the laptop still trying to connect. How can I correct this?

Any help would be appreciated.
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: IAS/RADIUS Spam in Event Viewer

That simply means that all users do not yet trust the RADIUS certificate. Did this ever work?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎02-17-2011

Re: IAS/RADIUS Spam in Event Viewer

It did, for several months. However, after further investigation I have found that the EAP provider used for authentication has changed from one certificate authority (CA) (IAS - Remote Access Policies - Wireless User Access - Authentication - EAP Method) to another. When installing Odyssey Access Client (OAC) 5.3 on these laptops the trusted server used is now incorrect. Not having control of the CA itself due to being on a military network, I'm not sure how closely knit the different CAs are and therefore this may be the cause of IAS not permitting access, since the issuing certificate could not be found on the trusted source provided by the OAC. This will be tested tomorrow when I can get my hands on a client's laptop. Thoughts?
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: IAS/RADIUS Spam in Event Viewer

It has to be in the trusted store, otherwise the client will continue to fail with that message. There is no way around that.


Colin Joseph
Aruba Customer Engineering
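The steady 29 to 32 second repetition described in the first post is the signature of a supplicant retrying on a timer, not of many independent login attempts. The sketch below is an added example (not code from the thread or from any vendor) that groups rejections by user and reports runs at that interval; the one-line log layout, the user names, and the function names are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Reason text quoted in the first post.
REASON = "The supplied message is incomplete. The signature was not verified."

# Assumed, simplified layout (not the real IAS event format): <ISO time> user=<name> reason=<text>
LINE_RE = re.compile(r"^(\S+) user=(\S+) reason=(.*)$")


def parse(lines):
    """Return {user: sorted timestamps} for rejections carrying REASON."""
    by_user = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != REASON:
            continue  # skip malformed lines and unrelated reasons
        by_user[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    return {u: sorted(ts) for u, ts in by_user.items()}


def retry_loops(lines, lo=29, hi=32, min_events=5):
    """Return {user: (events, seconds)} for the longest steady lo..hi s run."""
    result = {}
    for user, ts in parse(lines).items():
        best = (1, 0)
        run_start, run_len = ts[0], 1
        for prev, cur in zip(ts, ts[1:]):
            if lo <= (cur - prev).total_seconds() <= hi:
                run_len += 1
            else:
                run_start, run_len = cur, 1  # gap outside window: new run
            if run_len > best[0]:
                best = (run_len, int((cur - run_start).total_seconds()))
        if best[0] >= min_events:
            result[user] = best
    return result


def sample_log():
    """Constructed sample: one looping client, one user who failed twice."""
    t0 = datetime(2011, 2, 17, 9, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=30 * i)).isoformat()} user=laptop-a reason={REASON}"
             for i in range(80)]  # 80 rejections, 30 s apart (about 40 min)
    lines += [f"{(t0 + timedelta(minutes=m)).isoformat()} user=laptop-b reason={REASON}"
              for m in (1, 12)]
    return lines

print(retry_loops(sample_log()))
```

A user that appears in the output with a long run is a client stuck in a retry loop, which points at the client-side trust configuration discussed in the replies.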