How to configure LDAP authentication on the Instant for the clients to authenticate using LDAP server? 

Jul 04, 2014 07:52 PM

Use of LDAP server for Authentication in IAP as External Radius server

LDAP (Lightweight Directory Access Protocol)

To use an LDAP server for user authentication, configure the LDAP server on the Virtual Controller, and configure user IDs and passwords.

PEAP-GTC termination allows authorization against a Lightweight Directory Access Protocol (LDAP) server and an external RADIUS server, while PEAP-MSCHAPv2 allows authorization against an external RADIUS server.

This allows the users to run PEAP-GTC termination with their username and password to a local Microsoft Active Directory server with LDAP authentication.
 
1. EAP-Generic Token Card (GTC) — This EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecurID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the IAP to an external authentication server for user data backup.
 
2. EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2) — This EAP method is widely supported by Microsoft clients. A RADIUS server must be used as the back-end authentication server.
 
Environment: This article applies to all Instant Access Points and Instant OS versions.
 
LDAP Server — To configure an LDAP server, specify the attributes described in the following table:
 
wlan ldap-server AD
ip 1.2.3.4
port 389
admin-dn cn=Administrator,cn=Users,dc=arubatac2008,dc=com
admin-password admin
base-dn cn=Users,dc=arubatac2008,dc=com
filter (objectclass=*)
key-attribute sAMAccountName

To configure an LDAP server using the command line:
 
(Instant Access Point)(config)# wlan ldap-server <profile-name>
(Instant Access Point)(LDAP Server <profile-name>)# ip <IP-address>
(Instant Access Point)(LDAP Server <profile-name>)# port <port>
(Instant Access Point)(LDAP Server <profile-name>)# admin-dn <name>
(Instant Access Point)(LDAP Server <profile-name>)# admin-password <password>
(Instant Access Point)(LDAP Server <profile-name>)# base-dn <name>
(Instant Access Point)(LDAP Server <profile-name>)# filter <filter>
(Instant Access Point)(LDAP Server <profile-name>)# key-attribute <key>
(Instant Access Point)(LDAP Server <profile-name>)# timeout <seconds>
(Instant Access Point)(LDAP Server <profile-name>)# retry-count <number>
(Instant Access Point)(LDAP Server <profile-name>)# end
(Instant Access Point)# commit apply
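
An added example (not part of the original article and not Aruba tooling): a short Python check that parses a wlan ldap-server profile in the form shown above and flags settings worth reviewing before deployment. The finding names, the 12-character password threshold, and the assumption that the password appears as typed are choices made for this example.

```python
import re

# Constructed input: the sample profile from the article above.
SAMPLE = """\
wlan ldap-server AD
ip 1.2.3.4
port 389
admin-dn cn=Administrator,cn=Users,dc=arubatac2008,dc=com
admin-password admin
base-dn cn=Users,dc=arubatac2008,dc=com
filter (objectclass=*)
key-attribute sAMAccountName
"""
# Sub-commands listed in the article; any other keyword ends the block.
KEYS = {"ip", "port", "admin-dn", "admin-password", "base-dn", "filter",
        "key-attribute", "timeout", "retry-count"}

def parse_profiles(text):
    """Return {profile name: {keyword: value}} for each wlan ldap-server block."""
    profiles, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"wlan ldap-server\s+(\S+)", line)
        key, _, value = line.partition(" ")
        if head:
            current = profiles.setdefault(head.group(1), {})
        elif current is not None and key in KEYS:
            current[key] = value.strip()
        elif line:
            current = None  # left the LDAP block
    return profiles

def audit(profile):
    """Return sorted finding ids (names are this example's own) for one profile."""
    findings = set()
    if profile.get("port") == "389":
        findings.add("ldap-port-389")  # standard LDAP port, no implicit TLS
    dn = profile.get("admin-dn", "").lower()
    pw = profile.get("admin-password", "").lower()
    if len(pw) < 12 or pw in dn:  # 12 is an assumed minimum length
        findings.add("weak-bind-password")
    if dn.split(",")[0] in ("cn=administrator", "cn=admin"):
        findings.add("privileged-bind-account")  # bind user only needs search rights
    if profile.get("filter", "").replace(" ", "").lower() == "(objectclass=*)":
        findings.add("match-all-filter")  # matches every object under base-dn
    return sorted(findings)

if __name__ == "__main__":
    for name, profile in parse_profiles(SAMPLE).items():
        print(name, audit(profile))
```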
