Wireless Access

MVP
Posts: 360
Registered: ‎05-09-2013

Multiple WPA2-AES Auths

Customer running Aruba 7210 controller with WPA2-AES network. RADIUS server is Bradford CM3000, which talks to Windows NPS and AD. When a user connects to wireless, they have to enter their username/password twice every time to successfully connect. Is there any controller configuration that might be causing this?

We're also having an issue with automatically reconnecting to the wireless, but I feel that is more a problem with Group Policy settings or the devices themselves.


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
MVP
Posts: 4,232
Registered: ‎07-20-2011

Re: Multiple WPA2-AES Auths

That seems like a certificate issue
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Multiple WPA2-AES Auths

Are the users being prompted to accept a certificate?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 360
Registered: ‎05-09-2013

Re: Multiple WPA2-AES Auths

Customer was having issues where the certificate was saying "untrusted" although it was purchased through VeriSign. I'm finding out if it is still an issue, but I was advised that it was being fixed.


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Multiple WPA2-AES Auths

This is normal behavior. It has nothing to do with the certificate being signed by a public CA. It is saying that the certificate (server) has not been explicitly trusted for the SSID/network.

Are all of your devices being configured through group policy?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 360
Registered: ‎05-09-2013

Re: Multiple WPA2-AES Auths

Ok, that's good to know. Yes, all devices are configured through Group Policy. Is there something in Group Policy they are missing?


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
MVP
Posts: 4,232
Registered: ‎07-20-2011

Re: Multiple WPA2-AES Auths

Also check in the security logs to see what error messages are showing up.

In the NPS policy, can you please check under the WPA2/AES settings to see if the correct cert was selected?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Multiple WPA2-AES Auths


OK. So make sure that the Root CA (that signed the RADIUS server cert) is checked in the config as well as the server names (common name(s) of the certificate(s)) are entered. See below:

[Image: peap-win-supplicant.png]


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 360
Registered: ‎05-09-2013

Re: Multiple WPA2-AES Auths


That seemed to be a major fix for the issues.

Customer did not have "Verify Server Certificate" checked, so they did not have the cert selected. Also they did not have "Use Windows credentials for authentication" checked, which was why it was not automatically connecting them and prompting them for passwords after logging in. Fixed settings and updated Group policy on devices.

We still had a few scattered problems, but determined it was still Microsoft server and Group OU misconfiguration.

 

Thanks for the help!


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
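
The supplicant settings discussed in this thread (server validation, trusted root CA, server names, Windows logon credentials) can be audited in a WLAN profile exported with `netsh wlan export profile`. The following is an added example, not part of the original posts; the sample XML is constructed, and the element names are assumed to match Microsoft's PEAP/MSCHAPv2 profile schema, so check them against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed PEAP section of an exported WLAN profile,
# mirroring the misconfiguration described in the thread. Element names are
# assumed from Microsoft's PEAP/MSCHAPv2 profile schema.
SAMPLE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
    <Type>26</Type>
    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
      <UseWinLogonCredentials>false</UseWinLogonCredentials>
    </EapType>
  </Eap>
  <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
  </PeapExtensions>
</EapType>"""


def _values(root, name):
    # Match on local name so the check works across the schema's namespaces.
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def audit_peap(xml_text):
    """Return a list of findings for a PEAP profile (empty list = clean)."""
    root = ET.fromstring(xml_text)
    findings = []
    if "true" not in _values(root, "PerformServerValidation"):
        findings.append("server certificate validation is off")
    if not any(_values(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected")
    if not any(_values(root, "ServerNames")):
        findings.append("no RADIUS server names entered")
    if "true" not in _values(root, "UseWinLogonCredentials"):
        findings.append("Windows logon credentials not used (users are prompted)")
    return findings


if __name__ == "__main__":
    for finding in audit_peap(SAMPLE):
        print("FINDING:", finding)
```

Run it against profiles exported from a few GPO-managed clients to confirm the policy change actually reached them.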