12-20-2013 12:39 AM
How can I create a RADIUS server in the Aruba controller so that the user points to the RADIUS server and the RADIUS server further points to an external AD server for authentication?
Requirement: Without implementing an external firewall or an external RADIUS server, the user should get authenticated by the external AD server through the internal RADIUS server.
12-20-2013 01:22 AM
That would be called Termination. Unfortunately, the only way to authenticate via AD without installing a radius server is using LDAP, but that requires custom software to be installed on each client. IMHO, it is too complicated: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-24
It is a lot easier to install a radius server: http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672
Aruba Customer Engineering
12-20-2013 04:22 AM
Thanks for your reply. So by this I understand that we can add a server under LDAP SERVER (Configuration-->Authentication-->Server-->LDAP server) as the RADIUS server, which will further point to the mentioned AD server to get the user's credentials (username and password) authenticated. But for doing all this we need to have certificates on each client (user). Am I going in the right direction?
We are using ArubaOS (MODEL: Aruba3400), Version 22.214.171.124
12-24-2013 12:09 AM
Still, I am not getting the way to configure an internal RADIUS server on the Aruba wireless controller.
Can you please guide me on how I can configure it?
03-01-2014 02:16 AM
Not sure how relevant this still is for you, but you don't configure an internal radius server on the radius controller. You terminate the session and then the authentication is done against the LDAP server.
For this you configure an AAA profile with a dot1x profile in which you enable termination, and apply a server group with the LDAP server in it.
But as cjoseph points out, you need a separate client on the clients (especially Windows) to do EAP-PEAP/GTC, as that isn't natively supported. It would make things much easier if you can introduce an actual radius server. Of course there is Aruba ClearPass, which would be great to use. But Microsoft server can use NPS, or you could look at some Linux-based free alternatives, e.g. FreeRADIUS.
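The setup described in the last reply, sketched as an ArubaOS CLI fragment. This is an added example and not part of any post in the thread: the profile and server names, the 192.0.2.10 address, the DNs and the password placeholder are all assumptions, and the `!` lines are annotations for the reader.

```text
! LDAP server definition pointing at the AD domain controller.
! Host, DNs and the password below are placeholders (assumed values).
aaa authentication-server ldap "ad-ldap"
   host 192.0.2.10
   admin-dn "cn=aruba-bind,cn=Users,dc=example,dc=com"
   admin-passwd <bind-account-password>
   base-dn "cn=Users,dc=example,dc=com"
   key-attribute "sAMAccountName"
   preferred-conn-type ldap-s
!
! Server group that contains only the LDAP server.
aaa server-group "ad-ldap-group"
   auth-server "ad-ldap"
!
! 802.1X profile with termination on the controller.
! EAP-PEAP outer method, EAP-GTC inner method (needs a supplicant that supports GTC).
aaa authentication dot1x "dot1x-term"
   termination enable
   termination eap-type eap-peap
   termination inner-eap-type eap-gtc
!
! AAA profile tying the dot1x profile to the LDAP server group.
aaa profile "corp-aaa"
   authentication-dot1x "dot1x-term"
   dot1x-server-group "ad-ldap-group"
```

With EAP-GTC the controller receives the user's password inside the PEAP tunnel and uses it to bind against LDAP, so `preferred-conn-type ldap-s` keeps that bind from crossing the network in clear text. The bind account in `admin-dn` only needs read access to look up users.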