New Contributor

802.1x and multi domain authentication

Hi Everyone,

 

We have an Aruba setup using 802.1x authentication against a Microsoft IAS server that's a member of domain A.

 

We will be fully migrating from domain A to domain B. Therefore, I would like users from both domain A and B to be able to log onto our wireless for the time being.

 

We have network policies set up in NPS to authenticate users and computers from domain A and this is working fine. I've duplicated these policies to enable user and computer accounts from domain B to have access but this isn't working.

 

Domain A and B have a two-way trust.

 

Anyone got any ideas how I can accomplish this?

 

Thanks,

Guru Elite

Re: 802.1x and multi domain authentication

You still need to set up RADIUS proxy for this to work reliably. In addition, all authentication requests must send the FQDN of the domain in the user field so that the first RADIUS server knows where to send the authentication. http://technet.microsoft.com/en-us/library/cc785693(v=ws.10).aspx

 

You could also set up multiple RADIUS servers in the Aruba server group and enable failthrough, but you need to turn on termination in the 802.1x profile and upload a server certificate to the controller that both domains trust for this to work.

 

RADIUS proxy is probably the first thing I would try....

 



Colin Joseph
Aruba Customer Engineering
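
The realm-based routing decision described in the reply above, as an added sketch that is not part of the original thread and is not NPS or Aruba configuration. It shows why a User-Name without the domain FQDN leaves a RADIUS proxy with nothing to route on; the domain names and server group names are constructed placeholders.

```python
import re

# Constructed realm table: DNS domain suffix -> RADIUS server group (hypothetical names).
REALM_ROUTES = {
    "domaina.example": "local-nps-domain-a",
    "domainb.example": "proxy-to-nps-domain-b",
}

# The three identity shapes a Windows supplicant commonly sends in User-Name.
UPN = re.compile(r"^(?P<user>[^@\\/]+)@(?P<realm>[^@\\/]+)$")        # user@fqdn
DOWNLEVEL = re.compile(r"^(?P<realm>[^@\\/]+)\\(?P<user>[^@\\/]+)$")  # REALM\user
MACHINE = re.compile(r"^host/(?P<host>[^.@\\/]+)\.(?P<realm>[^@\\/]+)$", re.I)


def extract_realm(user_name):
    """Return the realm carried in a RADIUS User-Name, or None if there is none."""
    for pattern in (UPN, DOWNLEVEL, MACHINE):
        m = pattern.match(user_name.strip())
        if m:
            return m.group("realm").lower().rstrip(".")
    return None


def route(user_name):
    """Pick the server group for a request; None means the proxy cannot decide."""
    realm = extract_realm(user_name)
    if realm is None:
        return None
    # Longest-suffix match so child domains follow their parent's route.
    for suffix in sorted(REALM_ROUTES, key=len, reverse=True):
        if realm == suffix or realm.endswith("." + suffix):
            return REALM_ROUTES[suffix]
    return None  # realm present but not a known FQDN (e.g. a NetBIOS name)


if __name__ == "__main__":
    # Constructed sample identities covering users, computers and bare names.
    for name in ["alice@domaina.example", "bob@domainb.example",
                 "DOMAINB\\bob", "host/pc42.domainb.example", "carol"]:
        print(f"{name!r:32} -> {route(name) or 'UNROUTABLE (no FQDN realm)'}")
```
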
