I was told that IAP WPA2 Enterprise can be configured as RADIUS internal server and the RADIUS server can authenticate against an LDAP server. Does anyone know how to configure this?
Check out Chapter 11 in the attached guide. It explains how to configure EAP termination on the VC.
Are you connecting to OpenLDAP or ActiveDirectory or similar?
Do you want to use EAP-PEAP-MSCHAPv2 or EAP-TTLS PAP/MSCHAPv2?
Please note for ActiveDirectory with MSCHAPv2: you will need a domain join for this. For MSCHAPv2 you will need to have NTLM_Auth in place on your RADIUS server. The Aruba Instant internal RADIUS-server does not support a domain join and NTLM_Auth.
If you are using OpenLDAP and want to use MSCHAPv2 then you need to store either plain-text passwords or NT-Passwords (like AD does). If you are using PAP you can store passwords with any hashing algorithm.
I would advise you to use an external RADIUS server if possible.
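The password-storage point above, as an added example that is not part of the original posts: with PAP the server receives the cleartext password inside the tunnel and can re-hash it against whatever the directory stores, while MSCHAPv2 never sends the password, so the server needs the cleartext or the NT hash. The function names and the `nt_password` parameter are hypothetical; `{SHA}` and `{SSHA}` are the OpenLDAP `userPassword` schemes assumed here.

```python
import base64
import hashlib
import hmac
import os

def split_scheme(stored):
    """Return (SCHEME, payload); a value without a {SCHEME} prefix is cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, payload = stored[1:].split("}", 1)
        return scheme.upper(), payload
    return "CLEARTEXT", stored

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_verify(cleartext, stored):
    """PAP check: hash the submitted cleartext the same way the directory did."""
    scheme, payload = split_scheme(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(cleartext.encode(), payload.encode())
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(payload)
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    if scheme == "SHA" and salt:
        raise ValueError("malformed {SHA} value")
    candidate = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def mschapv2_possible(stored, nt_password=None):
    """MSCHAPv2 is a challenge-response over the NT hash, so the server must
    hold the NT hash (nt_password, hypothetical separate attribute) or the
    cleartext it can derive it from; a salted SHA-1 value is useless for it."""
    if nt_password:
        return True
    scheme, _ = split_scheme(stored)
    return scheme == "CLEARTEXT"

if __name__ == "__main__":
    entry = make_ssha("correct horse")         # constructed sample entry
    print("PAP ok:", pap_verify("correct horse", entry))
    print("MSCHAPv2 possible:", mschapv2_possible(entry))
```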
I want to implement in an Active Directory domain network. The LDAP server is the DC.
Do you think it is possible to implement without RADIUS?
At least for PEAP EAP-MSCHAPv2 (which is most common) you will need a RADIUS server.
Possible RADIUS servers: Microsoft NPS (which is included in Windows Server), FreeRADIUS (if you have a Linux platform) or possibly ClearPass Policy Manager if you have some budget available :)
When using EAP-TTLS with PAP you would not need an external RADIUS server, but note the default Windows 802.1X supplicant does not have support for this.
The NPS for MSFT is free, just activate it, but the good thing is you do not need the certificate server, as you can use Aruba to terminate the EAP traffic.
If a customer has 2 different LDAPs (say Student and Faculty), can you reference both with Termination Enabled, and they will fail-thru? I.e., if the user is not contained in the first, it tries the second. Or, is it better to have an External RADIUS server that points to both LDAPs, set Termination to Disabled, and point the IAPs to the RADIUS server?
Thanks in advance.