03-23-2012 03:16 AM
We have a Aruba setup using 802.1x authentication against a microsoft IAS server that's a member of domain A.
We will be fully migrating from domain A to domain B. Therefore I would like to accomplish users from both domain A and B to log onto our wireless for the time being.
We have network policies set up in NPS to authenticate users and computers from domain A and this is working fine. I've duplicated these policies to enable user and computer accounts from domain B to have access but this isn't working.
Domain A and B have a two way trust.
Anyone got any ideas how I can accomplish this?
03-23-2012 06:42 AM - edited 03-23-2012 06:43 AM
You still need to setup radius proxy for this to work reliably. In addition, all authentication requests must send the FQDN of the domain in the user field so that the first radius server knows where to send the authentication. http://technet.microsoft.com/en-us/library/cc785693(v=ws.10).aspx
You could also setup multiple radius servers in the Aruba server group and enable failthrough, but you need to turn on termination in the 802.1x profile and upload a server certificate to the controller that both domains trust, for this to work.
Radius proxy is probably the first think I would try....
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base