Security

Reply
Contributor II
Posts: 47
Registered: ‎01-16-2013

eduroam (USERNAME@Domain.Edu strip) failing after reauthentication(?) of AirGroup

I'm working on a new CPPM setup for eduroam, and combining it with AirGroup. I setup eduroam according to the docs from Geant and it works well.  I setup AirGroup according to documentation, and it appears to work well at first, but then mostly stops working. (most iOS devices stop working, a MacOS devices stays working to AppleTV)

 

Since eduroam requires USERNAME@Domain.Edu usernames that get stripped off in the CPPM Service, I create my AirGroup devices (chromecast, AppleTV, etc.) shared to both USERNAME and  USERNAME@Domain.Edu.  But under investication, it appears that AirGroup doesn't honor the USERNAME@Domain.Edu.  In addition, when the iOS devices first connect, they are correctly listed with AirGroup usernames of USERNAME, but after some time or roaming amoung APs, they "reauthenticate" back and their AirGroup usernames become USERNAME@Domain.Edu and they can no longer detect or cast to the shared Airgroup devices.  The controller's user-table always lists them with usernames of USERNAME@Domain.Edu, it's only under "

show airgroup users" that I can see the username changing from USERNAME that works, to later USERNAME@Domain.Edu that doesn't.  I don't have the CPPM eduroam service caching roles and postures in the enforcmement.

 

thanks

mike

Mike Davis
Network Engineer
University of Delaware
Guru Elite
Posts: 8,329
Registered: ‎09-08-2010

Re: eduroam (USERNAME@Domain.Edu strip) failing after reauthentication(?) of AirGroup

Please open a TAC case. That is not expected behavior.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: