Can we use LDAP for EAP-PEAP with termination disabled or should termination be enabled. Please update soon as there is an ongoing issue and need to bring up the setup.
Thank you in advance!
You cannot use LDAP for EAP-PEAP without termination. If you do use LDAP for EAP-PEAP, your clients would have to support EAP-GTC (Windows devices do not support this natively
Thank you for your response. Please let me know if I can enable termination with EAP-PEAP mschapv2 as inner eap instead of GTC for LDAP.
You would only be able to do that if you are using termination AND pointing to a radius server (instead of an LDAP server). With mschapv2 and termination and an LDAP server, your only inner option is eap-gtc.
Long story short, if you have a Windows domain, install the free NPS radius server and avoid all of the hoops you will have to jump through with termination.
Thank you for your quick response. So If I understood you, if we need to use LDAP, then we need to do the following:
1. Enable termination on the controller
2. EAP should be EAP-PEAP and inner-eap-type should be eap-gtc and not mschapv2
3. Install GTC pluggins in devices.
Can you let me know if GTC plugins are available even for mobile devices and also do you have any link on how to install GTC plugins?
EAP-GTC is selectable on Android Devices as an option when you configure the SSID. On IOS you don't need to select anything.
However, i had similar cases deployed and it is a big head-ache for EAP-GTC rollout, on Windows. Some of the WiFi adapters were not capable of supporting this plug in and they couldn't connect to the SSID at all.
Its something i had very bad experience on the customer side perspective.
Instead, i installed Windows Server NPS feature and use it as RADIUS Authentication, without EAP-GTC. It is less headache and better user-experience, especially for Windows devices.
Thank you for your guidance.
I will look into it.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.