Guru Elite

Re: Problem Password expired RADIUS with MS Active Directory

When termination is enabled, EAP is terminated on the controller. Username and password authentication continues to the external RADIUS server.

 

Machine Authentication does not work when Termination is enabled, and that is why users cannot change their passwords, because the computer itself cannot authenticate to make this happen.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
MVP Expert

Re: Problem Password expired RADIUS with MS Active Directory

Great. Machine authentication was not used in this instance.

 

Pasquale M. | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
Guru Elite

Re: Problem Password expired RADIUS with MS Active Directory

Okay. It needs to be for the password to be changed, because the machine itself needs an IP address when that happens.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
MVP Expert

Re: Problem Password expired RADIUS with MS Active Directory

That's a lot of MAC addresses to be inputted then :)

 

Therefore, if mac auth is enabled, EAP can then be terminated on the controller?

 

Read this http://community.arubanetworks.com/t5/Security-WIDS-WIPS-and-Aruba-ECS/Radius-Fail-through-and-802-1x-Machine-Authentication/td-p/12183 and am trying to make something of it.

 

 

Pasquale M. | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
Guru Elite

Re: Problem Password expired RADIUS with MS Active Directory

Just to make things clear, the link you posted above discusses the fail-through feature, and not really termination. It has no bearing on this current thread...

Is there a deployment scenario about resetting passwords that you were interested in?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
MVP Expert

Re: Problem Password expired RADIUS with MS Active Directory

I'm just trying to get a general understanding of "Termination" along with the situation I was dealing with on Friday.

 

I believe you answered me correctly Colin.


I am going to need to discuss with the customer's IT department, who manage AD and RADIUS, to get a further understanding of what they did.

 

I appreciate your time definitely.

 

 

Pasquale M. | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
New Contributor

Re: Problem Password expired RADIUS with MS Active Directory

I know it is several years later. But it seems like the user never got an answer or a resolution for the question. It is really a simple solution as far as I see it and requires just understanding what is being asked. But what the user was looking for is a feature that is not supported by RADIUS (unless that has changed and I am not aware). He is looking for a password expiration and a prompt for the user. But that is not supported by RADIUS. He would need to use LDAP for that. Could it be that simple? Hmm. IDK, maybe. But I am sure someone else looking for a solution may see this and comment, and it may help.

Frequent Contributor II

Re: Problem Password expired RADIUS with MS Active Directory

Here it is 4 years after the last ping on this thread and I'm being a necromancer.  I'm trying to better understand how to get a user prompt to re-enter their password if it is expired.

 

Scenario: User resets their password per policy every 90 days. When they reboot their laptop or try to re-join the corporate 802.1x SSID, they simply get an "Incorrect user password" message from Windows 10. Forgetting and re-entering their user/password works. We would like to have the client receive a notification to re-enter the credentials rather than the default being to silently deny the user access.

 

Is there any way to make this happen, or a configuration setting on the controller which can be enabled to do so? Termination, changing EAP settings, or something of the like?

 

Note: I am using ArubaOS and Aruba ClearPass for corporate 802.1x authentication.  We do not terminate on the controller.  In a separate scenario we are using ArubaOS and Windows NPS, but in that scenario, we receive a popup notification.
