ArubaOS and Controllers

Occasional Contributor II

validating identity problem

I'm an Aruba newbie getting familiar with the 3200. I have 802.1x authentication set up using MS NPS. I can test authenticate to NPS. I have a CA with a trusted cert on the test laptop. I have .1x set up in the Aruba AAA profile for machine authentication and have created a GPO to push to the client. The problem is that I get a "validating identity" on the client and no DHCP assignment (DHCP is external). I'm watching realtime stats on NPS and the machine is logging but not connecting. The event viewer security log is showing no audit failures. I think I have misconfigured the controller and I just can't pin down what the problem may be. I've been reading the UG and this forum for a few days and can't come up with a solution. I have a Cisco 5500 with 100 APs at another client's with a similar setup but I think I'm just too new to the Aruba setup. Any help appreciated.
Guru Elite

Re: validating identity problem

On the command line of the controller, type "show auth-tracebuf". If you have a RADIUS server and it has a certificate, you need to make sure that the client trusts the certificate. To test this, uncheck "Validate Server Certificate" on the PEAP settings for the client and see if it goes through.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor II

telnet problem

I can't enable the console through telnet to run the command. It will not accept the root account password.
Occasional Contributor II

Re: validating identity problem

Telnet access is disabled by default on Aruba controllers. You have to either connect to it via SSHv2 with username/password, or enable telnet access.

The telnet option is usually found in the Configuration -> General screen on the WebUI.

To do the show auth-tracebuf (MAC of laptop), you first should enable debugging for the MAC address:

logging level debugging user-debug xx:xx:xx:xx:xx:xx
Occasional Contributor II

Re: validating identity problem

I already had telnet enabled but when I type in "enable" my admin (root) password does not work. Same thing with SSH.

Is the debug command through the GUI or CLI?

Debug command

The enable password on the controller can be, and usually is, separate from your admin login password. Maybe it's at the default of 'enable' ;)

FYI, the command provided earlier in the thread is from the controller's command line.
Occasional Contributor II

Re: validating identity problem

Problem is: in order to run the command I need to successfully enable the console. I used the admin account password, which is the only root account on the controller. I tried enable as password... nothing. Any ideas?

Do a password recovery...

Console cable access to the controller is required to execute. Resetting the root account will reset the enable password so you can get in...and make progress with the issue at hand.

Here is the procedure:

Login: password
Password: forgetme!
(controller) > enable
Password: enable
(controller)# config term
(controller) (config)# mgmt-user admin root

Log out of this session, then re-login using the admin account with your new password.

FYI, the enable password is reset during this process to "enable."
Occasional Contributor II

Re: validating identity problem

Did a pw reset on console so moving forward with the debug...thanks and stay
Occasional Contributor II

Re: validating identity problem

Ran sh auth. Cap attached.

The client I'm directly testing with is ltenger