Wireless Access

Reply
Occasional Contributor II
Posts: 35
Registered: ‎01-21-2015

Not able to configure the fail through in server group

 

We have configured a server group containing LDAP server and internal database for authenticating the user. We are not able to configure the fail through for this group and it is giving error as "

Failthrough cant happen for dot1x without termination

 

Because of this users are getting checked against only internal database and authentication is getting failed. How to enable the fail through in this case?

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: Not able to configure the fail through in server group

Fail through works best if you are just using captive portal for authentication.  If you are using 802.1x, you need to (1) enable termination and (2) upload a server certificate that your users trust to the controller.  It could be quite a bit of work just to achieve failthrough between ldap and the internal database.

 

Are you doing 802.1x?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 35
Registered: ‎01-21-2015

Re: Not able to configure the fail through in server group

Hi Mr.Colin Joseph,

 

 

We are doing captive portal authentication for employees and guests . they will get only internet access in wireless network. Employees authentiication is against LDAP server and guest user authentication is against internal database.

 

When we were testing , LDAP server was not reachable. After LDAP server came into live , proper authentication is happening for the users. But we havent enabled the fail thorugh for the server group. But how the controller is cheking with next auth server and giving the result?

 

IS it not mandatory to enable that option?

 

Thanks,

Tamil.

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: Not able to configure the fail through in server group

[ Edited ]

Tamil,

 

The error message that you have is when a server group is assigned to a AAA profile.

 

You want to check your server group in your Captive Portal authentication profile to see if it is assigned to a AAA profile by going to Configuration> Security> Authentication> L3 Authentication> Captive Portal Authentication Profile.  Find the Captive Portal Authentication Profile that is yours and click on the server group attached to it.  Click on "show references" to see where your server group is used.  Alternatively, you can just create another server group and add the internal database and the LDAP server to that group and assign it to the Captive Portal Authentication Profile.

reference.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: