Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

802.1x not authenticating Windows clients.

This thread has been viewed 5 times

  • 1.  802.1x not authenticating Windows clients.

    Posted Jul 11, 2017 12:54 AM

    Using Aruba Controllerless AP's, I have a network setup with WPA2-Enterprise security against our Active Directory DC's using LDAP.  Mac's, iOS, and Android devices were able to attach without any issue but PC's were not.  HPE support suggested using PEAP-GTC on the PC's or using RADIUS. I setup a new network with NPS on one of the DC's to test with.  So far i'm not able to get clients to auth against the RADIUS server.

     

    Screen Shot 2017-07-10 at 11.33.14 PM.png

    Then in NPS I added the radius client, Connection Request Policy and Network Policiy. 

    Screen Shot 2017-07-10 at 11.10.52 PM.png

    Screen Shot 2017-07-10 at 11.11.06 PM.png

     

    Screen Shot 2017-07-10 at 11.42.33 PM.png

    When I try and authenticate on this network NPS is logging this error:

    The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

    In the Network Policy The Auth Contrainsts are setup without the MSCHAP options. 

    Screen Shot 2017-07-10 at 11.49.17 PM.png

    I'm not sure what else I could be doing wrong.

     



  • 2.  RE: 802.1x not authenticating Windows clients.

    Posted Jul 11, 2017 03:50 AM
    Looks like a certificate issue. Have you added certificate to your NPS server? Do you clients trust this certificate?



  • 3.  RE: 802.1x not authenticating Windows clients.

    Posted Jul 11, 2017 07:51 AM

    I have a cert selected in NPS..

    Screen Shot 2017-07-11 at 6.47.46 AM.png



  • 4.  RE: 802.1x not authenticating Windows clients.

    Posted Jul 11, 2017 08:30 AM
    Does you client trust that certificate authority?

    How is the client configured?