Controllerless Networks

last person joined: 22 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP-115 wpa enterprise and certificates

This thread has been viewed 1 times

  • 1.  IAP-115 wpa enterprise and certificates

    Posted Nov 04, 2014 06:07 PM

    Hi,

     

    I've been trying for the last 2 days to set up wpa2 enterprise with ldap for my company.
    The ldap is a windows 2008 with AD role.

    The iaps are in 6.3.1.1-4.0

     

    So yesterday I managed to connect with the configured ldap from an iphone but it was still rejected from windows and linux computer.

     

    I thought it was a problem due to certificates so I created a CA certificate and a other one for server authentication. I tried to upload them with the GUI but nothing exept the green ok popup happened. The default certificates where still there and no trace of the new ones, even in the cli.

     

    I tried to upload the certificate from cli with the <download-cert> command but still no result.

    I also tried from the reference guide  the <copy tftp> commande to upload a certificate but it only made the default CA certificate disapear from the iap.

     

    Also I reversed to backup just to see that the default ca certificate is still nowhere and my uploaded ones still completely invisible.

    While searching through the forum I read that certificate was not mandatory for wpa2 enterprise with ldap is that correct? In that case I will start looking away from the certificates. But there still would be the probleme of the fail uploads.

     

     

    Thanks for reading.

     

     

    Edit :

     

    I was using 2 iap while making the configuration and it appear one is almost working with wpa2 enterprise while the other is not. Iphone android and linux station manage to autenticate but windows station won't. Probably because the default ca certificate is missing from the iap.

     

    here are the debut auth log from the iap.

    a success auth

     

    Nov 5 11:22:43 station-up 2 4 server rejected

     

     



  • 2.  RE: IAP-115 wpa enterprise and certificates

    EMPLOYEE
    Posted Nov 06, 2014 09:14 PM

    Aerilon,

     

    Windows devices do not work if you are pointing to an LDAP server for authentication for 802.1x unless you install special software on them.  Androids and iPHones have that special software (supplicant), so they will abe able to authenticate.  Windows devices do not have that software.  The ultimate solution is to configure a radius server on Windows and point the IAP to that server:  

    Please see the thread here for details on why it will not work on windows computers:  http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-WPA2-Enterprise-internal-server-with-LDAP/m-p/137457/highlight/true#M4366

     

    You can also check out the thread here http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672 on how to configure a radius server on Windows 2008 NPS.