Hi Abhijeet,
You can find a lot of good step-by-steps guides when you google for it. Some you can find here
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129Please don't use eap-peap mschapv2 with AD credentials since this is considered as insecure and easly can leak your credentials. For better security use eap-tls certificated based authentication or at least no AD credentials but credentials dedicated to used for Wi-Fi only.
On your instant or controller site you only need to set the Radius Server IP and Radius Pre-shared Key, the controller will only bypass the traffic. The rest of the setup is done in your NPS server. Be sure you have installed a RADIUS server certificated and that the NPS server is AD joined, which is required for eap-peap mschapv2 only.
Iám not really familar with the NPS configuration, NPS is end of development, better use much better authentication server like Aruba ClearPass, which have much more configuration possibilities, insight and troubleshoot options then NPS.
------------------------------
Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opionions are my own
------------------------------
Original Message:
Sent: Oct 14, 2021 01:45 AM
From: Abhijeet Bhapkar
Subject: unable to authenticate NPS with aruba controller.
Hello Team,
we have created a new dotx SSID which is authenticated by the NPS server. In auth trace buf we could see the server rejecting the radius request. Below logs for reference.
Need step by step integration and configuration NPS with Aruba controller documents.
Oct 7 11:58:22 station-down * 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 - -
Oct 7 11:58:22 rad-reject <- 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73/nps 112 44
Oct 7 11:58:22 eap-failure <- 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 1 4 server rejected
Oct 7 11:58:23 eapol-pkt-drop * 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 - - received eapol-pkt before assos
Oct 7 11:58:23 station-up * 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 - - wpa2 aes
Oct 7 11:58:23 eap-id-req <- 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 1 5
Oct 7 11:58:27 eap-id-resp -> 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 1 31 domain\james.K
Oct 7 11:58:27 rad-req -> 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73 103 223 10.11.44.26
Oct 7 11:58:27 rad-reject <- 34:cf:f6:7e:d1:1e 24:62:ce:2e:55:73/nps 103 44
Oct 7 11:58:27 station-down * 34:c
------------------------------
Abhijeet Bhapkar
------------------------------