Security

Reply
Contributor I
Posts: 29
Registered: ‎12-10-2011

Authentication is OK when I try from the controller to IAS server

Authentication is OK when I try from the controller to IAS server, but client can not get authentication on their laptops

can somebody help

Regards,
M. Alajeely
Guru Elite
Posts: 20,418
Registered: ‎03-29-2007

Re: Authentication is OK when I try from the controller to IAS server

Are you doing Captive Portal or WPA2-AES?  Did you look in the IAS Eventviewer under "System" to see the failures?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 29
Registered: ‎12-10-2011

Re: Authentication is OK when I try from the controller to IAS server

Hi

I'm doing WPA2-AES, i can not see any error on  IAS event viewer logs

can you check the attached show auth-tracebuf output maybe you can get something

 

 

Regards,
M. Alajeely
Contributor I
Posts: 29
Registered: ‎12-10-2011

Re: Authentication is OK when I try from the controller to IAS server

sorry i'm using wpa-tkip

 

Regards,
M. Alajeely
Guru Elite
Posts: 20,418
Registered: ‎03-29-2007

Re: Authentication is OK when I try from the controller to IAS server

Your using "Termination" and you should uncheck it by going to:

 

configuration> security> authentication>l2 Authentication> 802.1x profiles.  Find the 802.1x profile that corresponds to your WLAN and make sure that "Termination" is unchecked.  

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 29
Registered: ‎12-10-2011

Re: Authentication is OK when I try from the controller to IAS server

[ Edited ]

it is ticked already and when i trying to connect i got small log in window keep asking me  for username and password then error massage for either username or password error

in case if i un-ticked it, i'll not get this login small window and i could not connect, it keep showing me (trying to connecting)

how i can know whether my  IAS server has a certificate or not.

Regards,
M. Alajeely
Guru Elite
Posts: 20,418
Registered: ‎03-29-2007

Re: Authentication is OK when I try from the controller to IAS server

Your IAS server needs to have a certificate and that would be in the remote access policy under Edit Profile> Authentication> EAP Methods> Edit PEAP.

 

If you don't have a certificate or cannot obtain one, leave Termination Checked, but on your client wireless definition, uncheck "Validate Server Certificate"



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 29
Registered: ‎12-10-2011

Re: Authentication is OK when I try from the controller to IAS server

i was doing 2nd scenario

Termination is Checked and  in client wireless definition the "Validate Server Certificate" is unchecked by applying GPO

but I lost authentication

 

 

 

 

Regards,
M. Alajeely
Guru Elite
Posts: 20,418
Registered: ‎03-29-2007

Re: Authentication is OK when I try from the controller to IAS server

from the auth-tracebuf, it looks like you are doing "machine authentication", which does not work with termination enabled.  You would need to put a certificate on the radius server and uncheck termination for that to work.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 29
Registered: ‎12-10-2011

Re: Authentication is OK when I try from the controller to IAS server

i'm kind of lost, i could not do the CA on the IAS server 2008,

i lost guest captive porter window for the Guest SSID as well

can you tell me how i can rollback and remove "machine authentication"

i wonna do termination with domain credential only

Regards,
M. Alajeely
Search Airheads
Showing results for 
Search instead for 
Did you mean: