Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

dot1x authenitcation problem

This thread has been viewed 6 times

  • 1.  dot1x authenitcation problem

    Posted Dec 01, 2014 03:35 AM

    Hi All,

       We are deploying wifi network for a school campus. We have encounter with following authentication errors when not using termination:

     

    Dec 1 22:27:37authmgr[3487]: <522275> <ERRS> |authmgr| User Authentication failed. username=dot1xtest userip=0.0.0.0 usermac=50:46:5d:1e:c4:2f servername=10.3.1.13 serverip=10.3.1.13 apname=DSG03AP08 bssid=94:b4:0f:97:e1:a0
    Dec 1 22:27:37authmgr[3487]: <132207> <ERRS> |authmgr| RADIUS reject for station dot1xtest 50:46:5d:1e:c4:2f from server 10.3.1.13.
    Dec 1 22:27:37authmgr[3487]: <132053> <ERRS> |authmgr| Dropping the radius packet for Station 50:46:5d:1e:c4:2f 94:b4:0f:97:e1:a0 doing 802.1x
     

     

    There is no event show up in the event viewer of Microsoft Radius Server.

     

    When the termination is enabled, the authenitcation is success.

     

    Please help to provide some hints to the problem.

     

    Thank you for the help!

     

    Regard,

    WIlson



  • 2.  RE: dot1x authenitcation problem

    EMPLOYEE
    Posted Dec 01, 2014 03:44 AM

    Did you issue your radius server a server certificate?  If it does not work without termination, that is the reason.

     

     



  • 3.  RE: dot1x authenitcation problem

    Posted Dec 01, 2014 03:50 AM

    Colin,

      Thank you for the quick reply. Do you have any link on how to issue the Server Certification on IAS?

     

     Using the AAA tester on the controller to test the Radius Server was success.

     

    Regards

    Wilson



  • 4.  RE: dot1x authenitcation problem
    Best Answer

    EMPLOYEE
    Posted Dec 01, 2014 03:52 AM

    The link to set NPS up is here:  http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672

     

    The AAA test server function does not test if the certificate portion of the server is setup correctly.