Security

Reply
New Contributor
Posts: 1
Registered: ‎01-24-2013

802.1x authentication with domain user

Hi,

 

Recently we have setup a new Aruba 650 controller with AP-93 APs for our environment.

 

We have successfully configure to use 802.1x to authenticate our domain users on our wireless LAN.

But somehow encounter a weird symptom.

 

Symptom as follows:

Some users using either UPN or pre-Windows 2000 login to their Windows 7, are able to connect to the Wireless LAN.

Whereas some users can only use UPN to login to their Windows 7, then can connect to the Wireless LAN.

On the RADIUS server, the event log will indicate the user name or password is incorrect if users are using pre-Windows 2000 method to login to Windows 7 when try to connect to the Wireless LAN.

 

All our users have same name for UPN and pre-windows 2000.

 

Anyone encounter such issue and get it resolved.

 

Thanks

 

 

Occasional Contributor II
Posts: 12
Registered: ‎08-07-2012

Re: 802.1x authentication with domain user

Long shot but...check the radius requests.  I had my radius server limited to "Ethernet" types so its was being denied as the request wasn't of Ethernet type (I was working with wired access.)

 

What radius server are you using?

 

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: 802.1x authentication with domain user

Can you summarize your AD/RADIUS setup?   From your post, it sounds like users are in the same domain ( you mention same UPN and Pre-Windows 2000 domain).   Is that true?    What is serving your RADIUS?  If it is Windows IAS or NPS, can you attach a copy of a failed and a successful logon for comparison?   If it is another RADIUS server, please do the same for that product.  Also, are the Windows 7 systems you are using in this test case members of the domain; and is the wireless configuration set to prompt them to logon; or is using their currently logged on credentials?


 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: