Controllerless Networks

Aruba Employee

Aruba Instant authentication using Certificates and LDAP



I have a customer who has 10 205 APs working as instant, having one operating as Master and the others connected to it. They want to have the following setup:

- user laptops should connect to the corporate SSID and authenticate using a certificate installed into the laptop and then, use the LDAP (Microsoft Active Directory) credentials.


They want to have both together, so to avoid any third party laptops connect to this SSID, by just using the LDAP credentials of a user.


I have connected the AP with the LDAP serer and LDAP authentication works just fine. My question is, is it possible to have an issued certificate installed into the laptop, the laptop use this certificate to authenticate and then propmpt for username and password, requiring the domain credentials?


Thank you.



Guru Elite

Re: Aruba Instant authentication using Certificates and LDAP

You need a radius server that supports EAP-TLS for that.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Aruba Employee

Re: Aruba Instant authentication using Certificates and LDAP

Hi Colin,


Thanks for your quick response.


I have a radius server which support EAP-TLS. The problem is that I'm confused onhow to setup this. I have created a SSID with security level set to Enterprise. The Key Management is set to WPA2-Enterpise, the Termination is enabled and the Authentication server is pointing to the LDAP server. What I understand is that Authentication server should point to the Radius server and then the Radius server to ask LDAP to authenticate the user using the domain credentials. Is this right? If this is the case, how I will force a wireless user to have a specific certificate installed, before performing the LDAP authentication? Or is this done by the Radius? 


Sorry for all these questions. I just have to understand prior moving on with the certificates. It would be great if you could state some points or a step by step process to follow.


Thanks again for your effort on this.




Re: Aruba Instant authentication using Certificates and LDAP

The client needs to be configured to use a specific client certificate. The RADIUS server will have a policy that allows certificates issued from specific CAs to authenticate.

If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | |

MVP Expert

Re: Aruba Instant authentication using Certificates and LDAP

This should get you going on how to the use the GPO cert autoenrollment option for Domain (Computers/Users) with ADCS : 


Note: If the customer already has the ADCS function in place you can ignore some of the initial steps

Thank you

Victor Fabian
Lead Mobility Architect @WEI
New Contributor

Re: Aruba Instant authentication using Certificates and LDAP

Hi Agelos
What is the softwares you're working on?

I am using IAP 6.4 and Active Directory 2012 but the LDAP authentication is not working.

Search Airheads
Showing results for 
Search instead for 
Did you mean: