Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Airwave and Radius

This thread has been viewed 49 times

  • 1.  Airwave and Radius

    Posted Jun 15, 2016 11:57 AM

    Hi everyone,

     

    I'm trying to set up Radius authentication for my Airwave administrators, but without success so far. I'm using NPS.

     

    I have followed the guide below to configure the network policy (only thing I did different was changing the vendor code from 14823 to 12740, since I'm using the Dell version).

    http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/20391/1/Management%20Authentication%20using%20Windows%202008%20as%20a%20Radius%20Server.pdf

     

    By the way, great guide!

     

    I have placed my domain account in the user group, but when I try to authenticate I receive a "login failed" message and in the NPS logs I see the following message:

    Untitled pictureee.png

     

    The account/password are correct, I'm not sure why I'm receiving this mismatch error. I also have the radius information properly set up under AMP Setup > Authentication.

    The Admin role is also in place.

    Untitled pictureeee.png

     

    Any ideas of what may be causing this behavior?



  • 2.  RE: Airwave and Radius

    Posted Jun 16, 2016 04:44 PM

    Hi,

    since you receive an Error Message in NPS

    • the shared secret between Airwave Server and the AP is correct.
    • and there is a  connectivity between them.

    i think that the issue is in the authentication method , can you  check it again.

     



  • 3.  RE: Airwave and Radius

    Posted Jun 22, 2016 03:20 PM

    The network policy was pointing to the wrong Radius, I corrected it and according to the logs in event viewer I'm now being directed to the right policy/radius when I try to authenticate.

     

    But even though everything seems fine with the NPS logs, I still receive a login failed message when I try to login into Airwave using my domain credentials:

    Login failed

    Please re-enter username and password.

     

    The event logs within Airwave shows nothing and according to the NPS logs everything is fine. Not sure what to do now. Is there any parameter within Airwave that I'm missing, could this be a bug?



  • 4.  RE: Airwave and Radius

    Posted Dec 20, 2017 09:51 PM

    I am having this exact same issue now. When I login to airwave with my domain credentials It says failed login. When I check the logs  in nps it says success and that it granted full access.



  • 5.  RE: Airwave and Radius

    EMPLOYEE
    Posted Dec 21, 2017 06:46 AM

    Did you configure your NPS server according to the guide here?  http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/20391/1/Management%20Authentication%20using%20Windows%202008%20as%20a%20Radius%20Server.pdf  

     

    If your NPS server does not return the Admin role, Airwave will not allow your user to login.



  • 6.  RE: Airwave and Radius

    Posted Dec 21, 2017 07:28 AM
    Yes I have it configured exactly according to the guide. 


    Sent from my Verizon, Samsung Galaxy smartphone


  • 7.  RE: Airwave and Radius

    EMPLOYEE
    Posted Dec 21, 2017 07:43 AM

    You should open a TAC case so that they can look at your setup.  The  instructions are that is all that is required to make it work.



  • 8.  RE: Airwave and Radius

    Posted Apr 17, 2022 11:40 PM
    Greetings,
    I know this is an old thread but I am wondering if you ever found a solution?
    I am having the same exact issue - everything is configured correctly - NPS log is showing access granted - Airwave says Login failed

    ------------------------------
    Ali AlJanaby
    ------------------------------

    Original Message


  • 9.  RE: Airwave and Radius

    EMPLOYEE
    Posted Apr 18, 2022 07:53 AM
    You need to return the "Aruba-Admin-Role" radius attribute of "root" "admin' for the user to successfully login to Airwave.  Please see the ClearPass Instructions for a radius server here:  https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=28fa655f-4aba-470e-931f-43047f2a5b78

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 10.  RE: Airwave and Radius

    Posted Apr 19, 2022 10:35 AM
    Hi.

    As Joseph already wrote. You need to return the correct role in Aruba-Admin-Role radius attribute. 

    On AirWave you can define your own roles in AMP Setup / Roles or you can return any off the predefined roles.

    For example for ReadOnly access you can return
    Radius:Aruba Aruba-Admin-Role = Read-Only Monitoring & Auditing

    For full Admin access to all parts of the AirWave you will return 
    1. Radius:Aruba Aruba-Admin-Role = Admin

    If you just need a specific access, for example only to selected folders, you return the role that has that specific access granted.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------

    Original Message


  • 11.  RE: Airwave and Radius

    Posted Apr 19, 2022 12:29 PM
    The admin role is configured on both ends, however; I don't think NPS is returning the role based on the log.

    Also, the NPS policy is working for my Cisco devices (with different Vendor Specific attributes) so I know it is not the NPS policy:









    ------------------------------
    Ali AlJanaby
    ------------------------------

    Original Message