Authentication with Windows Server 2008 (AD) as LDAP.

  • 1.  Authentication with Windows Server 2008 (AD) as LDAP.

    Posted Nov 27, 2012 02:25 AM

    Hi all.

     

    I want to set up an Aruba controller and use Active Directory as the LDAP server.
    The controller logged "To support this configuration dot1x profile 'ldap' should have termination enabled and eaptype set to eap-tls or eap-peap with gtc as the only innereaptype".
    So, termination is enabled on the controller and the EAP type is set to EAP-PEAP and EAP-GTC.

    After configuring it, I tried "aaa test-server pap [ldap] [user] [pass]" and the terminal showed "Authentication successful".
    However, when I actually tried to connect to the WLAN with LDAP authentication, authentication failed....
    I typed the command "show auth-tracebuf", and it showed this:

     

    Nov 27 21:13:56 station-up * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - - wpa2 aes
    Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
    Nov 27 21:13:56 eap-term-start -> 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap - -
    Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
    Nov 27 21:13:56 station-term-end * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap 11405 - failure
    Nov 27 21:13:56 station-down * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - -

     

    "eap-term-start" is a failure, and it seems to me that is the cause of the authentication failure.
    The wireless client used MS-CHAPv2, because it can't use EAP-GTC.
    If I want to use an LDAP server, MUST the wireless client use EAP-GTC as the auth method?
    We use Windows 7 and XP for the wireless clients.

    Should I get an EAP-GTC plug-in?

     

    So what may be the solution for this, other than using a RADIUS server?
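
For troubleshooting traces like the one in the post above, this added example (not part of the original post and not Aruba code) parses `show auth-tracebuf` output and reports, per station, which events preceded a failed `station-term-end`. The field layout is an assumption inferred from the lines shown in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Trace lines copied from the post above (MACs are already masked there).
SAMPLE = """\
Nov 27 21:13:56 station-up * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - - wpa2 aes
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 eap-term-start -> 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap - -
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 station-term-end * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap 11405 - failure
Nov 27 21:13:56 station-down * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - -
"""

# Assumed layout: timestamp, event, direction, station MAC, BSSID[/profile], rest.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<event>[\w-]+)\s+(?P<dir>\*|->|<-)\s+"
    r"(?P<sta>\S+)\s+(?P<bssid>[^\s/]+)(?:/(?P<profile>\S+))?\s*(?P<rest>.*)$"
)


def parse(text):
    """Yield one dict per recognised trace line; unrecognised lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def failed_terminations(text):
    """Return {station: [(timestamp, profile, events since station-up)]}."""
    seen = defaultdict(list)      # events per station since its last station-up
    failures = defaultdict(list)
    for rec in parse(text):
        sta = rec["sta"]
        if rec["event"] == "station-up":
            seen[sta] = []        # a new association starts a new attempt
        seen[sta].append(rec["event"])
        ended = rec["event"] == "station-term-end"
        if ended and rec["rest"].split()[-1:] == ["failure"]:
            failures[sta].append((rec["ts"], rec["profile"], list(seen[sta])))
    return dict(failures)


if __name__ == "__main__":
    for sta, attempts in failed_terminations(SAMPLE).items():
        for ts, profile, events in attempts:
            print(f"{ts} {sta} profile={profile} failed after: {' > '.join(events)}")
```
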



  • 2.  RE: Authentication with Windows Server 2008 (AD) as LDAP.

    EMPLOYEE
    Posted Nov 27, 2012 05:52 AM

    You must use EAP-GTC with LDAP if you want to use Encryption.

     

    If you don't want to install the EAP-GTC plugin on all your clients, you can use Captive Portal authentication or use WPA2-Preshared key authentication.

     



  • 3.  RE: Authentication with Windows Server 2008 (AD) as LDAP.

    Posted Nov 27, 2012 11:35 PM

    Thank you for your reply.

     

    muh.... If we use Windows Server as the auth server, we should adopt NPS as the RADIUS server, shouldn't we?

     



  • 4.  RE: Authentication with Windows Server 2008 (AD) as LDAP.



  • 5.  RE: Authentication with Windows Server 2008 (AD) as LDAP.

    Posted Dec 02, 2012 09:18 PM

    Thank you cjoseph!!

    I understood the LDAP solution well.