Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Client Behavior connecting with LDAP

Hi,

I am working with a customer who implemented LDAP with AOS6.1.2.4; using RADIUS was not an option. I have them using the PEAP-GTC plugin found on the Aruba Support page. Client is using XP and Windows 7. I had them set up the client exactly as stated in the Aruba PEAP-GTC User Guide.

When they try to connect, they get splashed with a box that asks them to "Terminate" or "Connect". If Connect is chosen, it goes into a continual loop. If Terminate is selected, they get a "Connecting to (name of network)" message and an Enter credentials box pops up, and when they try to enter credentials, it fails. I have had the user test connectivity with their credentials from within the Aruba Controller using the Diagnostic tool used for testing usernames and passwords to an external server.

What is the correct process for a client using the Aruba PEAP-GTC plugin? Is there a way to save credentials so they don't have to enter them every time in Windows?

 

Thanks.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Client Behavior connecting with LDAP

Windows should save the credentials automatically. It will only ask you for credentials if they are incorrect. Have you ever gotten this to work?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Client Behavior connecting with LDAP

Yes, I did get it to work before I left the customer's location. I tested it with a customer's Windows 7 machine.

I believe when the most recent issues popped up, the customer was testing someone else's credentials on their machine. Is there an issue with that?

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Client Behavior connecting with LDAP


syurick wrote:

Yes, I did get it to work before I left the customer's location. I tested it with a customer's Windows 7 machine.

I believe when the most recent issues popped up, the customer was testing someone else's credentials on their machine. Is there an issue with that?


Only if the credentials are incorrect.  Windows should automatically cache the credentials after connecting successfully.  Is this a Windows Domain?



Colin Joseph
Aruba Customer Engineering


Moderator
Posts: 908
Registered: ‎07-29-2010

Re: Client Behavior connecting with LDAP

Does Windows 7 client support PEAP-GTC? A couple of years ago we had to install Intel Proset in every laptop because Windows XP's wireless client only supported PEAP-MSCHAPv2...

Samuel Pérez
ACMP, ACCP, ACDX#100

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Client Behavior connecting with LDAP


samuel.perez wrote:

Does Windows 7 client support PEAP-GTC? A couple of years ago we had to install Intel Proset in every laptop because Windows XP's wireless client only supported PEAP-MSCHAPv2...


Aruba has a PEAP-GTC shim for Windows 7 and Windows XP on the support website.



Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Client Behavior connecting with LDAP

Yes, sorry, I forgot to include that in my original post. It is a Windows domain, running Server 2003.

I am having my customer try authenticating using the diagnostic tool in the controller to rule out improper credentials.

Not sure if it matters, but I am using "Clear-text" as the preferred connection type for the time being. If I were to change that to LDAP-S, what would I need to do to make that work? Go out and get a cert and apply it onto the controller in the 802.1x profile? Or can the controller use the built-in cert when using LDAP-S?

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Client Behavior connecting with LDAP


syurick wrote:

Yes, sorry, I forgot to include that in my original post. It is a Windows domain, running Server 2003.

I am having my customer try authenticating using the diagnostic tool in the controller to rule out improper credentials.

Not sure if it matters, but I am using "Clear-text" as the preferred connection type for the time being. If I were to change that to LDAP-S, what would I need to do to make that work? Go out and get a cert and apply it onto the controller in the 802.1x profile? Or can the controller use the built-in cert when using LDAP-S?


With LDAP-S the only certificate would be on the LDAP server. No cert is required on the controller; it will accept any non-expired certificate from the LDAP server during the transaction. Just change the auth port to 636, which is the port that LDAP-S communicates over.

Last, but not least, please consider using RADIUS on the Windows 2003 server instead so that you would not have to configure EAP-GTC on each client. In addition, it provides a more seamless experience on your clients. Detailed instructions for this are here: http://community.arubanetworks.com/t5/Authentication-and-Access/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M80



Colin Joseph
Aruba Customer Engineering
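
A check an administrator can run before moving the controller to LDAP-S on port 636, as an added example that is not part of the thread or of any Aruba tooling: it confirms the directory server presents a certificate on that port, validates it against a trusted CA and the host name (stricter than the controller behaviour described in the reply above), and reports the days left before expiry. The function names and the `ldap.example.com` host are assumptions.

```python
import socket
import ssl
import time

LDAPS_PORT = 636  # port named in the reply above


def days_until_expiry(not_after, now=None):
    """Whole days left before notAfter (string format used by getpeercert())."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def classify(days_left, warn_days=30):
    """Map remaining lifetime to a status an operator can alert on."""
    if days_left < 0:
        return "EXPIRED"
    if days_left < warn_days:
        return "EXPIRING"
    return "OK"


def probe_ldaps(host, port=LDAPS_PORT, cafile=None, timeout=5.0):
    """Connect with chain and host name validation; return (status, detail).

    cafile: PEM file with the CA that issued the LDAP server certificate
    (needed when it comes from an internal enterprise CA).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, wrong host name, or expired certificate.
        return "UNTRUSTED", exc.verify_message
    except OSError as exc:
        # Port closed, timeout, or no TLS listener (no certificate installed).
        return "NO_TLS", str(exc)
    days = days_until_expiry(cert["notAfter"])
    return classify(days), f"notAfter={cert['notAfter']} ({days} days left)"


if __name__ == "__main__":
    # ldap.example.com is a placeholder for the directory server's FQDN.
    print(probe_ldaps("ldap.example.com"))
```

A `NO_TLS` result means nothing is answering TLS on 636, which is what a domain controller without a server certificate looks like.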


Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Client Behavior connecting with LDAP

So, must I have a certificate on the LDAP server to run LDAP-S? Or can I just change the preferred connection method to LDAP-S on the controller and the port number and it should be good to go?

This is a small deployment with a limited number of users (10-15) using the internal SSID, so rolling out to the entire company is not an issue at this time.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Client Behavior connecting with LDAP

 


syurick wrote:

So, must I have a certificate on the LDAP server to run LDAP-S? Or can I just change the preferred connection method to LDAP-S on the controller and the port number and it should be good to go?

This is a small deployment with a limited number of users (10-15) using the internal SSID, so rolling out to the entire company is not an issue at this time.


Yes, you must have a certificate on the LDAP server:  http://support.microsoft.com/kb/321051

 

 



Colin Joseph
Aruba Customer Engineering
