Wireless Access

Reply
Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

802.1x authentication with mschapv2 it is need install certificate?

Hi All,

 

I still new for Aruba user authentication. Currently i have implement 802.1x authentication for my customer by using Microsoft Peap. I have configure Windows 2008 R2 RADIUS server (NPS) use Microsoft peap and also already configure the Aruba controller AAA authentication profile (as below attached screen capture).

 

I use the laptop try connect to broadcasted SSID (802.1x authentication). It take a while (10 to 30 sesconds) to complete connect the SSID but after that windows prompt to install Aruba controller certificate.

 

My customer say it is possible don't prompt to install the certificate? Because they end user don't like this annoying thing. 

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: 802.1x authentication with mschapv2 it is need install certificate?

On the Client, uncheck "Validate Server Certificate".  

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication with mschapv2 it is need install certificate?

Hi Joseph,

 

Ok, i will try on that. 

 

Btw, about the Windows 2008 R2 RADIUS server, it is neccesary install and configure CA server and self generate the certificate? Because i have go through the Aruba user guide it stated need to do so. 

 

But i does not install, configure and self generate the certificate.

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: 802.1x authentication with mschapv2 it is need install certificate?


jordontin wrote:

Hi Joseph,

 

Ok, i will try on that. 

 

Btw, about the Windows 2008 R2 RADIUS server, it is neccesary install and configure CA server and self generate the certificate? Because i have go through the Aruba user guide it stated need to do so. 

 

But i does not install, configure and self generate the certificate.


To install it properly, you should install the Radius Server Certificate, just like the guide states, and then uncheck Termination in the Aruba 802.1x profile.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication with mschapv2 it is need install certificate?

Hi Jospeh,

 

After i uncheck the "Validate Server Certificate" the laptop successful do the authentication provide need to "Check or tick" the "Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server. 

 

If i uncheck or untick the "Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server", windows client always keep on asking key in the password.

 

it is possible uncheck or untick the Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server", then it would not always prompt to key in the password.

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: 802.1x authentication with mschapv2 it is need install certificate?


jordontin wrote:

Hi Jospeh,

 

After i uncheck the "Validate Server Certificate" the laptop successful do the authentication provide need to "Check or tick" the "Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server. 

 

If i uncheck or untick the "Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server", windows client always keep on asking key in the password.

 

it is possible uncheck or untick the Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) on the WIndows 2008 R2 radius server", then it would not always prompt to key in the password.


You can uncheck the mschapv2 on the server.  Who issued the server certificate to the Radius Server?  What is the CA?  The clients must have the CA certificate in their trusted store, for it to stop asking to accept.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication with mschapv2 it is need install certificate?

[ Edited ]

I already put the CA certificate on the trusted store. But it still prompt to accept the certificate of the "securelogin.arubanetworks.com" certificate instead the radius servercertificate, if i check "validate Server Certificate".

 

About the CA certificate was auto generate when i setup the windwos RADIUS server but the CA certificate was issued by HQ CA server.

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: 802.1x authentication with mschapv2 it is need install certificate?

In Configuration> Security> layer2 Authentication> 802.1x profiles, find your 802.1x profile and make sure 802.1x termination is disabled (unchecked).



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Re: 802.1x authentication with mschapv2 it is need install certificate?

"To install it properly, you should install the Radius Server Certificate, just like the guide states, and then uncheck Termination in the Aruba 802.1x profile."

 

I need to do this exact thing. Where can I find this "guide" ? 

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: 802.1x authentication with mschapv2 it is need install certificate?

Search Airheads
Showing results for 
Search instead for 
Did you mean: