Security

Reply
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Setting up basic user authentication to active directory (via radius)

 Using Aruba 6.3.1.15

 

Trying to setup a basic user only auth (to AD) wifi network.  The radius side is fine as I have gone through the AAA test.

 

But when a client tries to connect it asks for the username and password, but then just says it is unable to connect.

 

I am new to Aruba so I am probably missing something basic.  Any step by step guide out there or places to check where I may have gone wrong.

 

 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Setting up basic user authentication to active directory (via radius)

The controller is EAP agnostic. The issue is likely between the client and the RADIUS server.

 

Which RADIUS platform are you using?

Did you install a server certificate on the RADIUS server?

Does the client have the Root CA that signed the RADIUS server certificate?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Setting up basic user authentication to active directory (via radius)

Windows 2008 R2 server for radius

 

Ideally for this test network they want is with mininal issues for the user (so only minial use of certs).  The aim is easy of use rather then security.

 

Server does have a cert.  When the client trying to connect it asking to accept the cert but then says unable to connect. 

Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Setting up basic user authentication to active directory (via radius)

Please take a look at the document  here:

 

 http://community.arubanetworks.com/aruba/attachments/aruba/115/6113/1/Using+Microsoft+Windows+2008+Server+With+Aruba.pdf

 

...to see how to set things up.  

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Setting up basic user authentication to active directory (via radius)

Thanks, will take a look.

 

I am fairly sure I know the answer to this, but is there anyway in which clients can connect to a wifi network with their Active Directoy details without the use of any certs?

 

Thanks again

Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Setting up basic user authentication to active directory (via radius)

At Minimum, your radius server needs a certificate, even when authenticating usernames and passwords.   That is as per the standard.   It is in the document.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Setting up basic user authentication to active directory (via radius)

Justing looking through the document.

 

Is there any issues with the Radius server not to be sitting on a domain controller.  We ideally want the radius to be a different server to our DCs.

 

Is that asking for problems down the line?

Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Setting up basic user authentication to active directory (via radius)

It only has to be a domain member.  No problems down the line.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
L36
Occasional Contributor II
Posts: 19
Registered: ‎04-08-2015

Re: Setting up basic user authentication to active directory (via radius)

Cool, that is what I thought.

 

Setup a new server just running radius.  (it is on the domain)

 

I have setup radius and gone through the certificate part of the document and all went has expected.

 

Now when using the connection on the AAA Test Server is says AAA server timeout.  I will recheck the radius settings.  Hopefully it is just a typo.

 

Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Setting up basic user authentication to active directory (via radius)

Check to make sure you have the controller listed as a radius client, with the correct radius secret.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: