08-31-2012 09:26 AM
We have a difficulty arising from the 'Use Windows Logon Name and Password (and domain if any)' option within the authentication settings.
Our configuration uses termination on the controller, MS-CHAPv2, and EAP with Windows 7 clients set for user authentication.
What happens is that when we use the 'Use Windows Logon' option, users CAN authenticate to the wireless initially, and log in to the domain without issue. If the association times out, or the client roams excessively, loses connectivity and reestablishes, etc. then a small box pops up saying 'Additional information is needed to connect to <SSID>'. The username field in the additional information box is pre-determined by the Windows logon, and the password field is empty. Typing in the correct password results in being unable to re-authenticate, and a 'Bad Password' error on the IAS server. No re-association can occur for the remainder of the Windows logon session.
If we don't use that 'Use Windows Logon Name' option, and enter the wireless username and password manually, it just works seamlessly and there is no issue with re-association to the SSID throughout the entire Windows session.
Any thoughts about why this is occurring and what settings we need to adjust to keep our users' steps to a minimum - the whole idea of using the 'Use Windows Logon' function is to keep them from having multiple logins, or to have to re-authenticate.
08-31-2012 10:19 AM
1. Disable Termination from the controller
2. Ensure that the Radius Server has a Valid Server Certificate that all of your clients trust
3. Use Group Policy to Push out the correct WLAN settings.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs