Controllerless Networks

New Contributor

IAP-115 wpa enterprise and certificates



I've been trying for the last 2 days to set up wpa2 enterprise with ldap for my company.
The ldap is a windows 2008 with AD role.

The iaps are in


So yesterday I managed to connect with the configured ldap from an iphone but it was still rejected from windows and linux computer.


I thought it was a problem due to certificates so I created a CA certificate and a other one for server authentication. I tried to upload them with the GUI but nothing exept the green ok popup happened. The default certificates where still there and no trace of the new ones, even in the cli.


I tried to upload the certificate from cli with the <download-cert> command but still no result.

I also tried from the reference guide  the <copy tftp> commande to upload a certificate but it only made the default CA certificate disapear from the iap.


Also I reversed to backup just to see that the default ca certificate is still nowhere and my uploaded ones still completely invisible.

While searching through the forum I read that certificate was not mandatory for wpa2 enterprise with ldap is that correct? In that case I will start looking away from the certificates. But there still would be the probleme of the fail uploads.



Thanks for reading.



Edit :


I was using 2 iap while making the configuration and it appear one is almost working with wpa2 enterprise while the other is not. Iphone android and linux station manage to autenticate but windows station won't. Probably because the default ca certificate is missing from the iap.


here are the debut auth log from the iap.

a success auth


Nov 5 11:22:43 station-up 2 4 server rejected



Guru Elite

Re: IAP-115 wpa enterprise and certificates



Windows devices do not work if you are pointing to an LDAP server for authentication for 802.1x unless you install special software on them.  Androids and iPHones have that special software (supplicant), so they will abe able to authenticate.  Windows devices do not have that software.  The ultimate solution is to configure a radius server on Windows and point the IAP to that server:  

Please see the thread here for details on why it will not work on windows computers:


You can also check out the thread here on how to configure a radius server on Windows 2008 NPS.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: