Controllerless Networks

last person joined: an hour ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Cannot access domain resources on IAP 205 with RADIUS authentication

  • 1.  Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 07:20 PM

    I am in the processes of changing out a Meru controller based system for Aruba Instant IAP 205's. I have a Windows 2012 R2 domain controller authenticating clients through RADIUS using computer authentication. All client machines are Windows 7 SP1.

    Everything seems to work fine except domain resources that require authentication. I have total internet access and I can ping all the domain machines using hostnames. I can even ping domain.local and I get replies from the domain controller, but when I try to access a network share I get a password prompt saying "cannot contact a domain controller to service the authentication request." I also cannot run gpupdate /force because it fails to find a domain controller.

    The domain controller is also DHCP and DNS, which are working fine. I have narrowed it down to an Aruba issue because the Meru access points at the other end of the building are using the same RADIUS server and the same VLAN as the arubas, but the meru clients have no issues at all. Everything also works on the wire. I just can't seem to get the arubas to allow domain activity.

    I found this similar problem posted a couple times in the Airheads community, but no difinitive solution has been presented on those threads.


    #AP205


  • 2.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 07:23 PM
    What user-role are the devices in?


  • 3.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 08:05 PM

    Thanks for the replies

    I'm sorry. I'm not sure what you mean by "user-role"

    Also, The security is already set to unrestricted.



  • 4.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 10:05 PM

    Please post the screenshot for your VLAN tab.



  • 5.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 11:14 PM

    aruba_vlan.png

    VLAN 50 is fully functional on the Merus and on the wire.



  • 6.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 11:22 PM

    I suggest you install wireshark on one of your clients and do a packet capture to determine what your problem browsing network resources is.  I am just guessing about what was done wrong.  A packet capture would be more definitive.

     



  • 7.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 29, 2015 07:25 PM

    Make sure the SSID under Access, the access rules are set to unrestricted.

     

    unrestricted.png



  • 8.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 30, 2015 03:39 AM

    It sounds suspiciously like a DNS issue.  Are the clients able to resolve internal addresses?

    Do you have content filtering enabled in the ssid?

    aireheads - content filtering.JPG



  • 9.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Sep 30, 2015 02:09 PM

    DNS was my initial thought too, but I am able to ping hostnames. I can even ping domain.local and I get replies from the domain controller. I also have content filtering disabled. It doesn't make any logical sense. I'm stumped :-(



  • 10.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Oct 01, 2015 02:50 PM

    I found my solution. I was using dynamic RADIUS proxy, which appeared to be working because RADIUS authentication was working great. Once I disabled DRP and configured each access point individually in NPS, everything started working. It still doesn't make any sense, but I can live with it since I'm only dealing with 15-20 APs. Thank you to everyone who helped.



  • 11.  RE: Cannot access domain resources on IAP 205 with RADIUS authentication

    Posted Apr 27, 2020 02:37 PM

    I spent 3 hours looking through articles and trying different things.  This worked for me.  As soon as I disabled content filtering in the SSID and disable-enable the device wifi adapter all was well.