Hi all.
I want to set up ARUBA-Controller, and to use Active-Directry as LDAP Server.
Controller logged "To support this configuration dot1x profile 'ldap' should have termination enabled and eaptype set to eap-tls or eap-peap with gtc as the only innereaptype".
So, termination is enabled on controller and set eap-type EAP-PEAP and EAP-GTC.
After configured it, I tried "aaa test-server pap [ldap] [user] [pass]" and terminal was shown "Authentication successful".
However, I actually tried to connect WLAN of LDAP-authentication, authentication was failed....
I typed command "show auth-tracebuf", shown this...
Nov 27 21:13:56 station-up * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - - wpa2 aes
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 eap-term-start -> 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap - -
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 station-term-end * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap 11405 - failure
Nov 27 21:13:56 station-down * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - -
"eap-term-start" is failure, and I seem that is cause authentication-failure.
Wireless Client used MS-CHAPv2, because can't use EAP-GTC.
If I want to use LDAP server, MUST WirelessClient use EAP-GTC for auth-method?
We use Windows7 and XP for Wireless Client.
Should I get EAP-GTC Plug-in?
so what may be the solution for this other than using radius server.