New Contributor
Posts: 3
Registered: ‎10-31-2013

Documentation on IAP 802.1x LDAP authentication to Windows AD?

I've created an LDAP authentication server successfully within the IAP, associated it with my WPA-2 Enterprise SSID, but when the SSID is selected, clients prompt for username/password, and I get "RADIUS reject for station first.last XX:XX:XX:XX:XX:XX from server ldap-servername" in the logs.

 

This is configured as an LDAP server (not RADIUS), and all the documentation I'm finding points to setting up RADIUS on Windows... but why is this necessary if I can make an LDAP query to AD?

I'm on 6.4, and reading through the 802.1x auth portion, as well as Googling - but not getting a clear path here.

Thanks for any direction.

Guru Elite
Posts: 8,762
Registered: ‎09-08-2010

Re: Documentation on IAP 802.1x LDAP authentication to Windows AD?

What authentication method are you using?

Does your client support EAP-GTC?

How are your passwords stored in LDAP?

Using a RADIUS server is the recommended way.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎10-31-2013

Re: Documentation on IAP 802.1x LDAP authentication to Windows AD?

Just found this - which addresses a pretty similar query:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/RADIUS-vs-LDAP/td-p/23344

But for continuity:

What authentication method are you using?

The intent is to use 802.1x authentication:

(http://www.arubanetworks.com/techdocs/InstantHTML/Content/Chapter11%20Authentication/AuthenticationMethods.htm)


Does your client support EAP-GTC?

Attempted Win7, 8.1, and iOS. From my reading this morning, apparently not.

How are your passwords stored in LDAP?

No confident idea. This is a Windows AD server, and a direct LDAP query to it; a quick Google isn't producing a response for this context.

Using a RADIUS server is the recommended way.

That's what I'm gathering - but stumped on why it appears I can configure it that way, and documentation is so slim.

I do appreciate the input.

Frequent Contributor I
Posts: 72
Registered: ‎04-03-2007

Re: Documentation on IAP 802.1x LDAP authentication to Windows AD?

LDAP is a protocol that is used for looking up and potentially authenticating users against an established directory database. This is generally fine for captive portal authentication but not typically used for 1X unless you have an intermediary like ClearPass. Also, do not use the standard unencrypted port (389) which is clear text. Instead use LDAPS (636) for encrypted (SSL) communication between the controller and server.

Using IAS/NPS on your Windows server as the RADIUS server is the preferred method for authentication. IAS/NPS will use AD for authentication lookups on computers and users. This is a much more secure and efficient method than doing termination on and lookups from the virtual controller. 

 

Here are some good resources:

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php

http://community.arubanetworks.com/aruba/attachments/aruba/115/6113/1/Using+Microsoft+Windows+2008+Server+With+Aruba.pdf

Hope this helps you out. 

Michael McNamee
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP

http://www.securedgenetworks.com/secure-edge-networks-blog/
New Contributor
Posts: 3
Registered: ‎10-31-2013

Re: Documentation on IAP 802.1x LDAP authentication to Windows AD?

Sure does.  Thank you.
