Hi all,
I've been playing around with ArubaOS authentication and one that resists to work is the AAA FastConnect or EAP Termination.
My setup consists of:
Aruba 620US running 6.4.4.9
1 AP135
1 Windows server 2012R2 working as CA, DHCP, AD, and NPS.
1 Windows 7 wlan client.
I do have 2 VAPs fully working now.
1 with preshared key
1 regular 802.1x pointing my NPS server without termination.
However, when I try to join the SSID with termination, once I enter the credentials, they do not seem to work and the same credentials are asked once again.
The nps doesn't log anything in the Audit Center and the controller logs I see the following:
Dec 22 15:50:05 stm Deauth to sta: 00:26:82:73:e9:0c: Ageout AP 10.1.10.150-d8:c7:c8:4a:c3:92-AP135 Response to EAP Challenge Failed
To configure termination I've followed the attached document, found in this forums. Its for AOS 3.x and windows2k3, and I didn't follow the document 100%, I do appy eap-peap with mschapv2, and I didn't configure the guest TLS option neither.
So step by step taking in consideration that regular 802.1x works:
Created a new controler CSR.
Uploaded this CSR via https://ipaddress/certsrv
Downloaded as server certificate.
Also downloaded server CA.
Uploaded both certificates to the controller.
Configured a new 802.1x auth profile. Marked Termination, eap-peap, and eap-mschapv2. Selected the CA and server cert just created.
Configured a new AAA profile with the previous created 802.1x profile.
Created a new SSID profile.
Created a new VAP profile and assigned the AAA profile and the SSID profile.
On the client side I'm using the same CA uploaded on "trust root certificates" that I'm using on the regular 802.1x auth.