Security

Reply
Occasional Contributor II
Posts: 40
Registered: ‎07-06-2011

Windows Machines will not connect!!!

I work for a school district and manage our network. We have Aruba brand mobility controllers and access points at each of our sites. We have 802.1x authentication setup and authentication takes place via our LDAP service on our Apple Server. Pretty much all of our clients are Apple computers and they all connect just fine to our network. They choose the network, it asks for credentials and they are online. However I can not get any Windows machine to connect. I do the same proceedure, choose the network, it asks for credentials, put in the same thing I would put in for the Apple machines but then it just keeps asking for credentials until it finally tells me it can not connect. I have tested this with multiple machines using both Windows XP and 7, both proffesional. Any tips would be greatly appreciated for our few Windows users who have been teathered to the wall for too long.  

Guru Elite
Posts: 21,537
Registered: ‎03-29-2007

Re: Windows Machines will not connect!!!

Are you using EAP-GTC to connect your apple devices?  You need to install an EAP-GTC supplicant on your Windows Devices as well..

 

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/Can-I-make-the-802-1x-authentication-Via-LDAP-server/td-p/17610



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 102
Registered: ‎06-17-2009

Re: Windows Machines will not connect!!!

Windows machines require you to manually configure the supplicant for the appropriate 802.1x settings. You'll have to set the EAP type , encryption, install the certificate (or, uncheck "Validate Certificate"), and possibly some other items. 

 

Large Windows deployments usually do this via group policy so it's automated,  it perhaps that what you're overlooking. Macs deal with 802.1x much more elegantly than Windows does. 

EDDIE FORERO | @HeyEddie
Occasional Contributor II
Posts: 40
Registered: ‎07-06-2011

Re: Windows Machines will not connect!!!

Thank you for the tips. However I am still having issues. I have installed the plug in that is available on Aruba's support site. I walk through all the steps they document in their instructions sheet for manually setting up with the wireless settings. 

- Set SSID and Security type (WPA2 / AES)

- Under Secutity settings made sure authentication method is set to Microsoft: Protected EAP 

- Under PEAP settings, changed authentication mode to EAP-Token

- Immediately after saving settings, I am asked to provide additional information, my credentials

- I have entered various credentials including my own

After all this it just says Windows was undable to connect to my ssid.

One thing I am noticing is that it is alo asking for the logon domain. I am not sure what domain it is looking for. As I mentioned previously we are using all Apple servers. My Kerberos Realm is main.losd.ca. I am not sure if that is what it want's. I've tried it anyway and no go. 

 

So, any other tips?

Guru Elite
Posts: 21,537
Registered: ‎03-29-2007

Re: Windows Machines will not connect!!!

1.  Do you have an LDAP server setup in the controller?

2. Can you test it under Diagnostics> AAA Test Server with a valid username/password?  You cannot proceed unless you get a positive result.

3.  Is that LDAP server in a server group

4.  Is that Server Group in the AAA profile under the Virtual AP you want to test?

5.  Do you have Termination Enabled in the 802.1x profile along with EAP-PEAP, MsChapV2?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 40
Registered: ‎07-06-2011

Re: Windows Machines will not connect!!!

1.  Do you have an LDAP server setup in the controller?

 

- Yes, see Diagram 01

 

2. Can you test it under Diagnostics> AAA Test Server with a valid username/password?  You cannot proceed unless you get a positive result.

 

- Yes, see Diagram 02

 

3.  Is that LDAP server in a server group

 

- Yes, See Diagram 03

 

4.  Is that Server Group in the AAA profile under the Virtual AP you want to test?

 

- Yes, See diagram 04

 

5.  Do you have Termination Enabled in the 802.1x profile along with EAP-PEAP, MsChapV2?

 

- Yes, See diagram 05

 

Let me know what you think.

Guru Elite
Posts: 21,537
Registered: ‎03-29-2007

Re: Windows Machines will not connect!!!

[ Edited ]

The last thing I would do is uncheck "Validate Server Certificate" to see if the issue is your clients not trusting the Aruba Controller's built-in Certificate.

 

 

You have the important points taken care of.  Please open a support case so they can obtain more details and get you help with this.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 40
Registered: ‎07-06-2011

Re: Windows Machines will not connect!!!

Also, as mentioned before, this is and has been working just fine with Apple clients. It is only Windows clients that have the problem.

Occasional Contributor II
Posts: 40
Registered: ‎07-06-2011

Re: Windows Machines will not connect!!!

Unfortunately our support contract ran out and my district can not afford to renew. So that is why I have gone straight to the forums.

Guru Elite
Posts: 21,537
Registered: ‎03-29-2007

Re: Windows Machines will not connect!!!

It works seamlessly on Apple clients because they have a built in eap-gtc client support, so it is relatively easy for them to connect to most networks. To have a Windows devices connect to a non windows network is not easy. Since you are connecting via LDAP, what is your back end LDAP server?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: