Occasional Contributor I

Windows 10 Ldap Active Directory Authentication not working

I have successfully configured a virtual controller to authenticate users using LDAP (Active Directory). On Windows 7 a user is able to connect successfully without any problem, but on Windows 10 users are not able to authenticate. The username and password popup will just keep coming back. On both Win 7 and 10 I have installed the PEAP-GTC plugin and created my wireless network manually on the PC. On Windows 7 it connects well using the AD credentials, but on Windows 10 nothing.

 

Any ideas where I can start to look?

Guru Elite

Re: Windows 10 Ldap Active Directory Authentication not working

If you have a Windows server, you should be installing NPS, a radius server instead of using LDAP with EAP offload.  The PEAP-GTC plugin has not been updated in years, because it was just a stopgap for people who could not stand up a Radius Server.  Anyone with a Windows Server can add NPS and authenticate their users there, instead of installing a piece of software on every client that will never be updated.

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113

 

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: Windows 10 Ldap Active Directory Authentication not working

So an update on this issue

 

When using LDAP

1. Windows 7 was connecting using PEAP plugin. (tried creating manual connection in Windows networking as well)

2. Windows 10 was not able to connect using PEAP plugin.

3. iOS 11 not able to connect.

 

I have installed NPS on the Windows server and configured RADIUS on the virtual controller (removed PEAP plugin).

1. Now Windows 7 is not able to connect.

2. Windows 10 is able to connect

3. iOS 11 able to connect.

 

Tried contacting Aruba TAC, but the guys seem not to be knowledgeable on how to troubleshoot this one.

Guru Elite

Re: Windows 10 Ldap Active Directory Authentication not working

You should make sure that Termination is not enabled in the 802.1x profile, so that the Windows computers will see the certificate from the NPS Radius Server.

Occasional Contributor I

Re: Windows 10 Ldap Active Directory Authentication not working

For this implementation I did not install any certificate on the NPS or anywhere. I just enabled EAP offload on the virtual controller, so that the clients see the VC certificate and the controller forwards the RADIUS request without any certificate involved.

Guru Elite

Re: Windows 10 Ldap Active Directory Authentication not working

EAP offload enabled means that the controller certificate is involved and if your client does not trust this certificate, it will not work.  As a test, try disabling "Validate Server Certificate" on the devices that do not work.  In practice, there should be a certificate on the NPS server that all clients trust and EAP offload should be disabled.

Occasional Contributor I

Re: Windows 10 Ldap Active Directory Authentication not working

Just to get clarification on this line:

"In practice, there should be a certificate on the NPS server that all clients trust and EAP offload should be disabled."

 

If I put a certificate on the NPS, does this mean I have to install/push it out to every client who wants to connect using the NPS?

Guru Elite

Re: Windows 10 Ldap Active Directory Authentication not working

Yes.  That Certificate or the CA that issued the certificate must be in the client's trusted store.

 

If you have a domain and the domain's CA issues a certificate to the NPS server, by default all the clients in that domain trust that server's certificate.

 

PEAP is mutual authentication where:

 

- The server expects a valid username and password and

- The client expects the server to have a server certificate that it trusts

 

Occasional Contributor I

Re: Windows 10 Ldap Active Directory Authentication not working

Then in my case this won't work, because this is just meant for internal office users to use their AD credentials for WiFi authentication.

 

If a self-signed certificate won't work, then we are at a stalemate. Tomorrow I have another call with the Aruba team. I'll update on what we will have done, if we find a workaround for the Windows 7 PCs.

Guru Elite

Re: Windows 10 Ldap Active Directory Authentication not working

A self-signed certificate can work, as long as that certificate is installed in the user's trusted store.

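The trust requirement described in the replies above can be checked on a client without turning off "Validate Server Certificate". The following is an added example, not part of the original thread: it assumes the NPS server certificate has been exported to a .cer file (the path is a hypothetical placeholder) and reports whether this machine's certificate stores already trust it.

```powershell
# Added example, not from the thread. $CertPath is a hypothetical path to the
# RADIUS (NPS) server certificate exported as a .cer file.
param(
    [string]$CertPath = 'C:\Temp\nps-server.cer',
    [switch]$InstallAsTrustedRoot   # only for a self-signed cert you have verified
)

function Test-RadiusServerCertTrust {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Build the chain against this machine's certificate stores, which is
    # where the client looks when deciding whether to trust the server.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check: trust only
    $trusted = $chain.Build($Cert)

    # Collect the Enhanced Key Usage OIDs carried by the certificate.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        SelfSigned    = ($Cert.Subject -eq $Cert.Issuer)
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ServerAuthEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')   # Server Authentication
        ChainTrusted  = $trusted
        ChainStatus   = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$result = Test-RadiusServerCertTrust -Cert $cert
$result | Format-List

if ($InstallAsTrustedRoot -and $result.SelfSigned -and -not $result.ChainTrusted) {
    # Requires an elevated prompt; adds the cert to the machine's Trusted Root store.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    $store.Add($cert)
    $store.Close()
}
```

A `ChainStatus` of `UntrustedRoot` on a failing client means the certificate, or the CA that issued it, is missing from that client's trusted store.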