Wireless Access

Reply
Occasional Contributor II
Posts: 17
Registered: ‎09-16-2011

What kind of authentication I should use?

Hi team, me again.

My problem here is that,I need to configure the controller (Aruba 800) to permit the users login into the company domain without intervention of them.
Is any way to perform this task with a minimal installation of extra soft in the users PC´s.
I could install an LDAP server authentication but I installed the APT-GTC plugin to permit me use this kind of authentication.
Reading the documentation I found that I can use a RADIUS server and install certificates in the controller and users' PC´s.

A year ago a similar scheme was installed in the controller and the users, used WPA & TKIP for authentication (this is all the info I´ve got), but the old company erased all the configurations and we are using a password authentication scheme

I need the users does not type their credentials and the controller should recongnize taht the users belongs to the domain.

Sorry for my english, if you need to more info I will try to explain better!

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: What kind of authentication I should use?

You need to move away from LDAP and the GTC plugin.  It is only for users who must use LDAP.  Computers that use Active Directory do not need to do that.

 

The ArubaOS user guide in the back appendix says how to install both the server and client side on Windows to support radius.  Their method will allow domain machines to login without intervention.  If you have Windows 2003 server, check out the post here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M6112

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 17
Registered: ‎09-16-2011

Re: What kind of authentication I should use?

cjoseph

thanks again for your help! I will check the info you've send me!

 

Regards.

Aruba Employee
Posts: 10
Registered: ‎04-02-2007

Re: What kind of authentication I should use?

I generally learn towards IAS or NPS in the  MS Server itself. It's a direct tie in to AD groups and windows supports EAP and MSChap natively. There is also a WZC (windows zero config) tool on our support site somewhere that can help with setting up the windows clients for 802.1x. LDAP is so limited and like you said, you need to load IGTC clients to use LDAP.

Occasional Contributor II
Posts: 17
Registered: ‎09-16-2011

Re: What kind of authentication I should use?

Team, can I implement a RADIUS scheme over a windows 2008 server?

I mean, the porceess to set up the services are the same?

Aruba Employee
Posts: 10
Registered: ‎04-02-2007

Re: What kind of authentication I should use?

Absolutely. Yes. I believe in 2008 it is regarded as NPS, and is simply the Radius front end to Active Directory. We have a document somewhere that outlines the steps to set up NPS in Server 2008.

Aruba Employee
Posts: 10
Registered: ‎04-02-2007

Re: What kind of authentication I should use?

search for this:

 

Step-by-Step: How to Configure Microsoft NPS 2008 Radius Serverfrom Scratch

 

and you'll find that document for setting up NPS 2008.

 

Occasional Contributor II
Posts: 17
Registered: ‎09-16-2011

Re: What kind of authentication I should use?

Thanks very much team! I'm going to check that!

 

Occasional Contributor II
Posts: 17
Registered: ‎09-16-2011

Re: What kind of authentication I should use?

Hi team..me again!

Sorry for the delayed answer. I could install a RADIUS server on a Win 2003 server. I tested the connection to the RADIUS via

 

Diagnostic ---> AAA Test Server

 

and I could test it in a succesfull way (but only in PAP authentication method ¿is this ok?).

 

I could not loggin myself to the wireless network. When I try to logging I can see a message in the wireless network list which says:

 

Validating identity

Security-enabled wireless network (WPA2)

 

How can I trace the error? I think I have a missconfigured item or something that I do not perform but I dont know where.

 

 

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: What kind of authentication I should use?

[ Edited ]

Your remote access policy on the IAS server needs to have MsCHAPv2 enabled, in addition to pap.

 

After you do that, your AAA test server should work.  MsChapv2 is what clients use to connect and needs to be enabled in the remote access policy.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: