Wireless Access

last person joined: 33 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

devices on windows cannot authenticate

  • 1.  devices on windows cannot authenticate

    Posted Sep 13, 2017 04:40 AM

    good morning,

    a few days ago my wireless netowrk was fine,
    but now all devices turning on windows cannot authenticate except them which are turning on android.

    please, what is the problem?

    i have the 7210 controller and the 103 AP's.

    thank you.



  • 2.  RE: devices on windows cannot authenticate

    Posted Sep 13, 2017 04:50 AM

    Faycal,

     

    could you please give us more information?

     

    AAA profile configuration, SSID configuration and VAP configuration.

    Are you using user derivation rules?

     

    Also, can you run show audit-trail and check the changes that have been made on the controller?

     

    Cheers



  • 3.  RE: devices on windows cannot authenticate

    Posted Sep 13, 2017 06:07 AM

    first, thnak you,

    yes,I am using user derivation rules

     

     

     AAA Profile List
    ----------------
    Name References Profile Status
    ---- ---------- --------------
    default 2
    default-dot1x 0 Predefined (editable)
    default-dot1x-psk 0 Predefined (editable)
    default-mac-auth 0 Predefined (editable)
    default-open 0 Predefined (editable)
    default-xml-api 0 Predefined (editable)
    Guest-aaa-profile 1
    mgmt-aaa-profile 1
    New_WLAN-aaa_prof 1
    NoAuthAAAProfile 1 Predefined (editable)
    Pro-aaa-Profile 1
    Res-aaa-profile 1
    VIP-aaa-profile 1

     

     



  • 4.  RE: devices on windows cannot authenticate

    Posted Sep 13, 2017 06:27 AM

    Hi,

     

    Can you send us the specific information from the AAA profile that you are saying that is not working anymore and the derivation rules for that service?

     

    show audit-trial (review that there are no changes from yesterday) - no need to paste here the logs but check since Sep 12 and find it out.

     

    cheers

     

     

     

     



  • 5.  RE: devices on windows cannot authenticate

    Posted Sep 13, 2017 12:57 PM

    hi,

    the aaa test server is successful, device on android connect,

    for the AAA Profiles:

    i have res-aaa-profile

    authentication 802.1x

    role logon

    initial role: logon

    802.1X Authentication Default Role: authenticated

    termination enable
    termination eap-type eap-tls
    termination eap-type eap-peap
    termination inner-eap-type eap-mschapv2
    termination inner-eap-type eap-gtc

     

    aaa server-group "GSRV-RADIUS"
    allow-fail-through
    load-balance
    auth-server SRV-RADIUS,

     

    Network authentication security WPA2

    encryption AES

     



  • 6.  RE: devices on windows cannot authenticate

    Posted Sep 14, 2017 05:28 AM
    Hi,

    Yes, it is a start.

    I imagine that inside your SRV-RADIUS you added clearpass, nps or
    another RADIUS server. Or you don't have RADIUS server and that is why
    are you doing termination on the controller?


    If you have a corporate user you use EAP-TLS and you have a certificate
    in that corporate laptop, right?

    When you are using non-corporate traffic, you use EAP-PEAP and you
    authenticate against an AD or database, right?

    Are you sending any roles back to the controller once the user has been
    authenticated or do you just used the authenticate role?
    I mean, when you say that android works, which role do you receive?
    (Show user | i (mac address or ip address))

    Cheers
    Borja


  • 7.  RE: devices on windows cannot authenticate

    Posted Sep 14, 2017 09:17 AM

    hi,

    thanks

    i have RADUIS server to authenticate AD user's, without clearpass,

    you're right, corporate users authenticate with certificate

    i use only authentication role .... for android user, i receive the role authenticated,

    thanks again



  • 8.  RE: devices on windows cannot authenticate

    Posted Sep 14, 2017 10:08 AM

    OK - so you have a RADIUS server. I don't now why you are using termination.

     

    An android user, connects to the SSID and introduces his AD username and password. If that is correct, it receives it gets the default role (authenticated) 

     

    A corporate laptop, connects to the same SSID with certificates. If the authentication is successful - which role is going to be assigned? How does your derivation rule look like?

     



  • 9.  RE: devices on windows cannot authenticate

    Posted Sep 14, 2017 10:40 AM

     

     ""An android user, connects to the SSID and introduces his AD username and password. If that is correct, it receives it gets the default role (authenticated) "" --> yes

     

    ""A corporate laptop, connects to the same SSID with certificates. If the authentication is successful - which role is going to be assigned? How does your derivation rule look like?"" -->  the same role is assigned: authenticated

    i don't have derivation rules,

    thanks