Wireless Access


Multiple WPA2-AES Auths

Customer running Aruba 7210 controller with WPA2-AES network. RADIUS server is Bradford CM3000, which talks to Windows NPS and AD. When a user connects to wireless, they have to enter their username/password twice every time to successfully connect. Is there any controller configuration that might be causing this?

 

We're also having an issue with automatically reconnecting to the wireless, but I feel that is more a problem with Group Policy settings or the devices themselves.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Multiple WPA2-AES Auths

That seems like a certificate issue
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Multiple WPA2-AES Auths

Are the users being prompted to accept a certificate?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Multiple WPA2-AES Auths

Customer was having issues where the certificate was saying "untrusted" although it was purchased through VeriSign. I'm finding out if it is still an issue, but I was advised that it was being fixed.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: Multiple WPA2-AES Auths

This is normal behavior. It has nothing to do with the certificate being signed by a public CA. It is saying that the certificate (server) has not been explicitly trusted for the SSID/network.

 

Are all of your devices being configured through group policy?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Multiple WPA2-AES Auths

Ok, that's good to know. Yes, all devices are configured through Group Policy. Is there something in Group Policy they are missing?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Multiple WPA2-AES Auths

Also check in the security logs to see what error messages are showing up?

In the NPS policy can you please check under the WPA2/AES settings to see if the correct cert was selected?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Multiple WPA2-AES Auths

OK. So make sure that the Root CA (that signed the RADIUS server cert) is checked in the config as well as the server names (common name(s) of the certificate(s)) are entered. See below:

 

 peap-win-supplicant.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Multiple WPA2-AES Auths

That seemed to be a major fix for the issues. 

 

Customer did not have "Verify Server Certificate" checked, so they did not have the cert selected. Also they did not have "Use Windows credentials for authentication" checked, which was why it was not automatically connecting them and prompting them for passwords after logging in. Fixed settings and updated Group policy on devices. 

 

We still had a few scattered problems, but determined it was still Microsoft server and Group OU misconfiguration. 

 

Thanks for the help!


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
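
One way to check a Windows PEAP profile for the supplicant settings discussed in this thread, as an added example that was not posted by any participant. The XML is a constructed fragment whose element names are assumed to follow the PEAP section of a profile exported with `netsh wlan export profile`; the server name and CA thumbprint are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed PEAP-MSCHAPv2 section of an exported WLAN
# profile, in the state the thread describes before the fix.
BEFORE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
    <Type>26</Type>
    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
      <UseWinLogonCredentials>false</UseWinLogonCredentials>
    </EapType>
  </Eap>
  <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

# Same fragment after the fix; server name and thumbprint are placeholders.
AFTER = (BEFORE
    .replace("<ServerNames></ServerNames>",
             "<ServerNames>radius.example.test</ServerNames>"
             "<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>")
    .replace(">false</UseWinLogonCredentials>", ">true</UseWinLogonCredentials>")
    .replace(">false</PerformServerValidation>", ">true</PerformServerValidation>"))

def audit_peap_profile(xml_text):
    """Return a list of findings for one PEAP profile fragment."""
    # Index element text by local tag name, ignoring per-element namespaces.
    values = {}
    for el in ET.fromstring(xml_text).iter():
        values.setdefault(el.tag.split("}")[-1], []).append((el.text or "").strip())
    def first(name):
        return next((v for v in values.get(name, []) if v), "")
    findings = []
    if first("PerformServerValidation").lower() != "true":
        findings.append("server certificate is not verified")
    if not first("TrustedRootCA"):
        findings.append("no trusted root CA selected")
    if not first("ServerNames"):
        findings.append("no RADIUS server name pinned")
    if first("UseWinLogonCredentials").lower() != "true":
        findings.append("Windows logon credentials not used (user is prompted)")
    return findings
```
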