Wireless Access

Reply
Occasional Contributor II

Authentication with EAP-PEAP on Windows 10

I'm having the problem about access to the 802.1x SSID with Windows 10 (Only the Lastest updated 10.0 Build 10586)

When I enable the "terminate" on the AAA profile, the clients that using windows 10 can not connect to the SSID, and when I uncheck the terminate option It working fine

What the different between them?

 

and I have attached the informations about the errors when I tried to connect it

 

EAP-PEAP Errors.PNG

 

Guru Elite

Re: Authentication with EAP-PEAP on Windows 10

If you have a radius server, leave termination off.

When termination is enabled, the encrypted tunnel for authentication is created between the client and controller instead of the client and RADIUS server.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Authentication with EAP-PEAP on Windows 10

Thanks for your reply.

Yes I have the RADIUS server, Please describe me what the benefit of the terminate on Controller and the effect when I enabled it and using RADIUS server at the same time?

Guru Elite

Re: Authentication with EAP-PEAP on Windows 10

TCK2534,

 

Termination was introduced long ago when a customer could not stand up a radius server; they would turn on termination and point to an LDAP server, but with modifications required on the client side.  That would work in smaller-scale environments.  If a customer has a radius server, termination should not be used, really.  

 

In your situation, since you turned on termination, the client would have to trust the controller's certificate, which it probably did not...

 

Long story short, do not use termination when you have a radius server..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Authentication with EAP-PEAP on Windows 10

I was having the same problem with Windows 10 and this helped fix my problem.

However, windows 8.1 is failing to authenticate.

Any help will be appreciated.

Thanks

Guru Elite

Re: Authentication with EAP-PEAP on Windows 10

trixxmanaty,

 

Has it ever worked?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Authentication with EAP-PEAP on Windows 10

It hasn't worked. Only windows 7 and 8 have worked.

Guru Elite

Re: Authentication with EAP-PEAP on Windows 10

You should probably open a new thread, because this is about Windows 10 and EAP-TLS 1.2.  You probably have a different issue....

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: Authentication with EAP-PEAP on Windows 10

And what is the solution when forced to use termination? Customer is using internal userdb to authenticate their users and has no AD infrastructure.

 

I found a registry 'hack' (https://support.microsoft.com/en-us/kb/3121002) to fix this but can we fix this on the Aruba side?

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor

Re: Authentication with EAP-PEAP on Windows 10

In case anyone else is still having this issue like we were and can't do a proper fix.  I found a terrible work around that will probably be overwritten with Windows updates and is generally bad practice ... it's literally just a terrible work around ... but it works if you are desperate.

 

Find two older copies fo the rastls.dll and rastlsext.dll files located in C:\Windows\sytem32 folder.  Windows 10 build 10.0.10240 has ones that will work but build 10.0.10586 don't work.

 

On your computer navigate to C:\windows\system32\
Take ownership and give yourself full rights to:
rastls.dll
rastlsext.dll

remove them (move to your desktop if you want to keep a copy "just in case")
Copy over the two older versions into your C:\windows\system32\ folder (the ones I used were from 7/10/2015)
rastls.dll
rastlsext.dll

Reboot and recreate your WiFi profile network (didn't try without deleting the existing profile so you may not need to do this)
You may need to go to a command prompt and run:
netsh wlan delete profile name="profile_name"

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: