Controllerless Networks

Reply
Highlighted
MVP

Re: IAP-105 Radius Authentication Problem

OK, I hadn't seen them both set in the show-tech, but it's hard for the layman to read.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Highlighted
Guru Elite

Re: IAP-105 Radius Authentication Problem

Both are set:

 

virtual-controller-ip 172.16.9.2

dyanmic radius-proxy

 

We need to see the tech support from the AP with the problems.  This one seems to be getting responses from the Radius Server from the "auth-tracebuf" output.

 

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Occasional Contributor II

Re: IAP-105 Radius Authentication Problem

The more I read the more it seems that the problem is the cert creation process. In the hodgepodge of documentation we had to try several approaches..let me back up. We have a Windows pki infrastructure set up and working. We initially tried to create and upload certs to the instant (self signed) and created in Linux Centos per docs found at Aruba support. The self signed CAcert uploaded fine but the instantservercert had a format error or RSA decode error (I cannot remember now). I contacted support and eventually they sent a doc on exporting the server cert that is created in windows on our cert server. We did that and the upload worked. Immediately we were able to authenticate and we thought all was well. It was several days before we realized that we could only authenticate from the AP that hosts the virtual controller. 

 

Could the problem be that the two certs are really from different authorities? Would we, can we, export the rootCA cert from our CA  windows server and then export the web server cert according to the attached instructions, upload them on the IAP-105 and maybe solve this issue. Again we think our basic set up is working since computers and users who are placed into the appropriate GPO's can boot up (after they get the policy) to the wireless, authenticate, and receive appropriate mappings, etc. as long as they are near the virtual controller hosting AP.  So autoenrollment is working.  I am new to certificates so forgive me if i am missing something that will one day seem obvious (after I figure this out!).

 

 

Highlighted
Moderator

Re: IAP-105 Radius Authentication Problem

Hi,

 

Please drop me an email and I will send over a doc that may help.

 

I don't want to add to your misery in the cert creation process  - but I hope it may explain certain things about the certificate itself.

 

Thanks,

Shashi

 

ssastry@arubanetworks.com

Highlighted
Occasional Contributor II

Re: IAP-105 Radius Authentication Problem

BTW..the dump from an AP that is NOT hosting the virtual contoller is attached..

Highlighted
Occasional Contributor II

Re: IAP-105 Radius Authentication Problem

I know this has been stagnant for a while, but I have a similar issue but my internal CA at the customer is 2003 not 2008. Got the CA cert installed no problem, but creating the Server cert for the IAP 105s I am getting the RSA decode error. Any guide on doing it on 2003 CA?

Highlighted
Guru Elite

Re: IAP-105 Radius Authentication Problem

Are you doing EAP-PEAP or EAP-TLS

Where are you applying the certificate?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: IAP-105 Radius Authentication Problem

PEAP, trying to upload the server cert under the maintence>certificates tab.

Highlighted
Guru Elite

Re: IAP-105 Radius Authentication Problem

why not just put a certificate on the radius server instead?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: IAP-105 Radius Authentication Problem

also trying to get rid of the cert error message for the default securelogin.arubanetworks.com cert.