Wireless Access

Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

LDAP

Hi All,

I have integrated an Aruba controller to use authentication from LDAP.

The AAA test is happening from the controller through PAP.

Termination is enabled on the controller with EAP-PEAP and EAP-GTC.

The EAP-GTC supplicant is installed and the profile settings were made as per the document.

Now I am facing a problem while connecting ... a "validating identity" error.

So what may be the solution for this, other than using a RADIUS server?

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: LDAP

Uncheck "Validate Server Certificate" in your wireless profile.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: LDAP

I tried that also, but it's still not working ..... As the termination is on the controller, does the controller need any certificate to push to clients?

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: LDAP

Is this a Windows computer?  Did you try connecting from a handheld?

Turn on user debugging:

config t
logging level debugging user

Try to connect and after it fails, type "show log user 50" to see what is going on.


Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: LDAP

1. This is a Windows XP client.

Logs:

Apr 25 15:50:08 :501100:  <NOTI> |stm|  Assoc success @ 15:50:08.921250: 00:0c:f1:4d:b6:a8: AP 192.168.29.8-00:1a:1e:5f:22:44-AP125
Apr 25 15:50:08 :501065:  <DBUG> |stm|  Sending STA 00:0c:f1:4d:b6:a8 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:0, rsn_cap:0
Apr 25 15:50:08 :522035:  <INFO> |authmgr|  MAC=00:0c:f1:4d:b6:a8 Station UP: BSSID=00:1a:1e:5f:22:44 ESSID=Ldap VLAN=1 AP-name=AP125
Apr 25 15:50:08 :522004:  <DBUG> |authmgr|  MAC=00:0c:f1:4d:b6:a8 ingress 0x10d3 (tunnel 19), u_encr 64, m_encr 64, slotport 0x1022 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 25 15:50:08 :500511:  <DBUG> |mobileip|  Station 00:0c:f1:4d:b6:a8, 0.0.0.0: Received association on ESSID: Ldap Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125 Group default BSSID 00:1a:1e:5f:22:44, phy b, VLAN 1
Apr 25 15:50:08 :500010:  <NOTI> |mobileip|  Station 00:0c:f1:4d:b6:a8, 0.0.0.0: Mobility trail, on switch 192.168.29.248, VLAN 1, AP AP125, Ldap/00:1a:1e:5f:22:44/b

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: LDAP

How about the output of "show auth-tracebuf"?



Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: LDAP

Apr 25 15:50:07  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:50:07  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:50:07  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:50:28  station-term-end       *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                3      -    failure
Apr 25 15:50:55  station-down           *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:40                                 -      -
Apr 25 15:50:56  station-up             *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -    wpa2 aes
Apr 25 15:50:56  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:50:56  eap-term-start        ->  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43/default                         -      -
Apr 25 15:50:56  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:02  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:02  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:51:09  station-down           *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -
Apr 25 15:51:10  station-up             *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -    wpa2 aes
Apr 25 15:51:10  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:10  eap-term-start        ->  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43/default                         -      -
Apr 25 15:51:10  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:13  client-finish         ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  server-finish         <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  server-finish-ack     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  inner-eap-id-req      <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  inner-eap-id-resp     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    arubadc\nithin
Apr 25 15:51:13  eap-mschap-chlg       <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-nak               ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    EAP-GTC
Apr 25 15:51:13  eap-gtc-token-req     <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-gtc-token-res     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      8
Apr 25 15:51:13  pap-response          <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/Ldap-2008                       -      -    arubadc\nithin
Apr 25 15:51:13  eap-tlv-rslt-failure  <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-tlv-rslt-failure  ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-failure           <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  pap-request           ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    arubadc\nithin
Apr 25 15:51:13  station-down           *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 -      -
Apr 25 15:51:13  station-up             *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 -      -    wpa2 aes
Apr 25 15:51:13  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:51:13  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
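
A small parser for the "show auth-tracebuf" output posted above, added here as an example and not part of the thread or of any Aruba tool: it groups rows by station MAC and reports how far each exchange got and whether a failure event was logged. The column layout, the stage mapping and the reading of the name on the pap-response row are inferred from the rows in this thread.

```python
import re
from collections import defaultdict

# Rows copied from the "show auth-tracebuf" output in the thread (raw string:
# the identity contains a backslash).
TRACE = r"""
Apr 25 15:50:56  eap-term-start        ->  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43/default                         -      -
Apr 25 15:51:13  server-finish-ack     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  inner-eap-id-resp     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    arubadc\nithin
Apr 25 15:51:13  eap-nak               ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    EAP-GTC
Apr 25 15:51:13  eap-gtc-token-res     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      8
Apr 25 15:51:13  pap-response          <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/Ldap-2008                       -      -    arubadc\nithin
Apr 25 15:51:13  eap-failure           <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
"""

ROW = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<event>\S+)\s+(?:->|<-|\*)\s+"
    r"(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+[0-9a-f:]{17}(?:/(?P<name>\S+))?"
    r"\s+\S+\s+\S+(?:\s+(?P<extra>.+))?$"
)

# Furthest point each event shows the exchange reached (this mapping is the
# example's own reading of the event names, not vendor documentation).
STAGES = ["start", "tls-tunnel", "inner-identity", "inner-method", "backend"]
REACHED = {"server-finish-ack": 1, "inner-eap-id-resp": 2,
           "eap-gtc-token-res": 3, "pap-response": 4}
FAILURES = {"eap-failure", "eap-tlv-rslt-failure"}


def summarize(trace):
    """Return {station MAC: summary} for every station seen in the trace."""
    acc = defaultdict(lambda: {"stage": 0, "identity": None, "client_nak": None,
                               "pap_name": None, "failed": False})
    for line in trace.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank line or not a tracebuf row
        s, ev = acc[m["sta"]], m["event"]
        s["stage"] = max(s["stage"], REACHED.get(ev, 0))
        if ev == "inner-eap-id-resp":
            s["identity"] = m["extra"]
        elif ev == "eap-nak":
            s["client_nak"] = m["extra"]  # method the client asked for instead
        elif ev == "pap-response":
            s["pap_name"] = m["name"]  # assumed: name of the server that answered
        if ev in FAILURES or m["extra"] == "failure":
            s["failed"] = True
    return {sta: {**s, "stage": STAGES[s["stage"]]} for sta, s in acc.items()}
```

Calling `summarize()` on the full pasted trace instead of `TRACE` gives one summary per station, so the two clients interleaved in the buffer can be read separately.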

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: LDAP

Do you have a screenshot of your Windows Config?

Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: LDAP

Attached the screenshot of the wireless profile.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: LDAP

Don't see anything.

Colin Joseph
Aruba Customer Engineering
