Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Need help with 2008 R2 server and 3200 controller config

This thread has been viewed 2 times

  • 1.  Need help with 2008 R2 server and 3200 controller config

    Posted Sep 16, 2012 05:56 PM

    I just migrated a client from SBS 2003 to SBS 2011.  I have NPS installed on the new box.  I was also able to export the IAS config from 2003 and using iamigreader.exe, imported the config into the new 2008 box successfully.  We have 2 networks configured on the 3200, Guest and Staff.  Currently both networks are not allowing users to connect.  The guest network uses a captive portal config, and when a user tries to connect, they get the captive portal, try to login and get "invalid reply digest from auth server".

     

    Futhermore, when a staff member tries to login and authenticate, they get access is denied.

     

    1) Is there and account and password that are used to communicate between the controller and the server?, if so, how do I display that account either in the controller or on the server ( I'm sure ADUC, but what is the account name?)

     

    2) How do I troubleshoot these issues?, I have gone in on the controller and changed the IP for the radius server to point to the new IP. But am unclear where to go from here..

     

    Any help would be greatly appreciated

      


    #3200


  • 2.  RE: Need help with 2008 R2 server and 3200 controller config

    Posted Sep 16, 2012 06:10 PM

    To further information on this, in my event logs I am getting event ID 18

     

    An Access-Request message was received from RADIUS client 192.168.25.10 with a Message-Authenticator attribute that is not valid.

     



  • 3.  RE: Need help with 2008 R2 server and 3200 controller config

    EMPLOYEE
    Posted Sep 16, 2012 07:43 PM

    Make sure the aruba radius client definition on the nps server does not require the message attribute.  Aruba does not support this.

     

    Also, make sure and reenter the radius secret for the Aruba controller on the nps side.

     



  • 4.  RE: Need help with 2008 R2 server and 3200 controller config

    Posted Sep 16, 2012 10:46 PM

    Like Collin said check the passphrase on the NPS client and on the WC is the same...


    That happneed me the other day i was installing thison a client.

    On Alcatel switches the characters like exclamation are not possible to put them as password and if you do they wont recognize them and put nothing in there....

    The thing is that i was doing on the NPS for example something like this as password aruba123! and on the alcatel switch aruba123! but as the alcatel could not understand the ! then it does this aruba123  and as the pass was not the same well i get that message you are getting...

     

    I didnt know what was the message about but you can always do a fast search with google with the error and also putting airheads and you will find answers in this forum...

    When i encountered that troubleh i did that and i found this topic

     

    http://community.arubanetworks.com/t5/Authentication-and-Access/2nd-NPS-server-gives-Message-Authenticator-attribute-not-valid/td-p/31606

     

    Hope this solve your issue