08-06-2015 04:12 PM
We're finally moving away from a PSK environment and want our users to authenticate via LDAP in the most secure way. We do not have a RADIUS server in place and we are a Novell shop (eDirectory OES).
I have the LDAP server set up with the preferred connection type set to: start-tls. The L2 dot1x profile has termination enabled, termination EAP-TYPE: eap-tls and eap-peap are enabled.
Termination Inner EAP-Type: eap-gtc.
I guess what I'd like to know is: is this the most secure way our users can connect without adding a RADIUS server?
08-06-2015 04:15 PM
08-06-2015 04:27 PM
Thanks - what about checking off eap-mschapv2 under the dot1x profile as well?
Ideally we'd like a RADIUS server in place, but we really need to move away from our current pre-shared key environment.
08-06-2015 04:30 PM
08-10-2015 10:13 AM
Thank you. I'm currently testing this out and it's working fine with a BlackBerry 10 device, Windows 7 and Windows 10 laptops. According to AirWave, most of our users (at the moment anyway) are connecting with their Androids and iPads. I'm just curious as to how many of our clients will have issues connecting if they're running fairly new software?
Also, would you suggest using captive portal to authenticate against LDAP?
08-10-2015 10:15 AM
08-10-2015 01:30 PM
Ah... OK. Makes sense now. Just an FYI, here's the error message I get:
Radius Server: securelogin.arubanetworks.com
Root CA: GeoTrust Global CA
The server "securelogin.arubanetworks.com" presented a valid certificate issued by "GeoTrust Global CA", but "GeoTrust Global CA" is not configured as a valid trust anchor for this profile. Further, the server "securelogin.arubanetworks.com" is not configured as a valid NPS server to connect to for this profile.