ArubaOS and Controllers

Occasional Contributor I

802.1x to Windows AD without external Radius (IAS)

Hi there,

I was asked by a customer if aruba can authenticate directly to an AD without Radius Server. I looked trough the Userguide and found out that I can actually configure a windows server in security>authentication>servers.
I just dont quite understand how this works. Will the local Radius terminate 802.1x and send the query to the AD if the user doesnt exist in the internal database ? The controller would need a domain user/pw to be allowed to query the AD.

Anyone did this already ? Or did i completely misunderstand the meaning of the windows server configuration option.

Frequent Contributor I

Auth questions

The Aruba controller can authenticate to AD directly through LDAP.

However, if you intend to use 802.1x as the authentication method you will need to use IAS (server 2003) or NPS (server 2008) as the RADIUS host. IAS and NPS dictate the access policies you create for wireless access by clients and the controller manages the authentication process.

The Aruba controller needs to be setup in Windows as a RADIUS client and will then talk directly with IAS/NPS through the 802.1x authentication process.

If you go with LDAP you will need to use Captive Portal as the means of signing on to the network with AD credentials.

There are a couple of documents / guides available that instruct how to setup 802.1x in Windows. Support should be able to provide them to you.
Michael McNamee
Sr. Network Engineer - SecurEdge Networks
Search Airheads
Showing results for 
Search instead for 
Did you mean: