Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

MSM 710 , Active Directory VSC authentication problems

This thread has been viewed 0 times

  • 1.  MSM 710 , Active Directory VSC authentication problems

    Posted Feb 11, 2013 08:36 AM

    Hello!
    I have for some time now experienced a problem with our Active-Directory controlled VSC. 
    It seems that only some of our users are able to authenticate and others recieve a reject. 

    The VSC is access-controlled and ive added the appropiate-groups aswell ass added the default AC group.

     

    "Feb 11 13:55:01 debug iprulesmgr Sending RADIUS Access Reject (id='4') to RADIUS Client (ip-address='169.254.0.4',port='33183').
    Feb 11 13:55:01 info iprulesmgr Refusing session for user (nas-port='7',name='domain\username',calling-station-id='00-23-14-8D-21-B4',framed-ip-address='0.0.0.0')."

     

    This is one of the entries i can see being logged in the MSM-log after activating extra Radius/ad-debug. 

     

    The wierd thing is that some of our users are able to authenticate to this AD-authenticated VSC but some of them can't

     

    from what i can see this is alos logged on the DC when one of the users getting rejected tries to connect : 


    The computer attempted to validate the credentials for an account.

    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account: User.account
    Source Workstation: \\MSM710
    Error Code: 0xc000006a

     

    Our current setup is (only listed the relevant servers) : 1 DC (2008r2) ,

    Network is 1 VLAN, 2 subnets connected through an IPSEC-tunnel ('ve checked the firewall nothing being blocket there its full access between these subnets) 

    1: MSM710

    2:MSM 430

    1: MSM 310

     

    So to clarify we are not using a RADIUS-Server just the built in "Remote > Active Directory authentication"

     

    P.S usernames and domain have been swapped for privacy reasons

     

    Any help in this matter would be greatly appreciated


    Cheers 

     

    Joakim

     

     

    :UPDATE:
    Looking at the logs from the DC the only difference i can see between a failed authentication and one that succeeded is that the ones able to authenticate has its own laptop as Souce Workstation: laptopnamexxx

    While the ones failing comes from Source Workstation: \\MSM710

     

    example below:

    Failed authenticated:


    The computer attempted to validate the credentials for an account.

    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account: user.name
    Source Workstation: \\MSM710
    Error Code: 0xc000006a

     

    Successfully authenticated:

     

    The computer attempted to validate the credentials for an account.

    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account: user.name2
    Source Workstation: computername-xxx
    Error Code: 0x0

     

     

    P.S. This thread has beenmoved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - Hp Forum Moderator


    #msm710
    #auth
    #login
    #msm
    #Active-Directory
    #Radius
    #710
    #ActiveDirectory
    #AD


  • 2.  RE: MSM 710 , Active Directory VSC authentication problems

    Posted Mar 17, 2016 07:07 PM

    I am having the exact same problem currently. Did you ever find a solution to this?

     

    Currently running 6.6.3



  • 3.  RE: MSM 710 , Active Directory VSC authentication problems

    Posted Mar 19, 2016 05:29 AM

    Describe the problem little bit elaborate.

    Could you post the screen snap of the "Authentication --> Active Directory" page settings?  Any error message that you see on the controller at the time of the problem.