Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Trying to do RADIUS auth

This thread has been viewed 1 times

  • 1.  Trying to do RADIUS auth

    Posted Jun 23, 2016 11:44 AM

    I want to have an SSID that does RADIUS authentication against a Server 2012 R2 RADIUS server.

     

    This currently works with my Procurve setup, but I'm having issues making it work with the Aruba AP.

     

    I've been following this guide, but so far, no luck.  http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/External%20RADIUS%20Server.htm

     

    The error on the server 2012 side is

     

    Reason Code:			16

Reason:				Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    But, the credentials are being pulled from the Windows session, so they're correct.

     



  • 2.  RE: Trying to do RADIUS auth

    EMPLOYEE
    Posted Jun 23, 2016 11:53 AM
    Are you doing EAP-TLS, EAP-PEAP, EAP-TTLS? Please provide more details.


  • 3.  RE: Trying to do RADIUS auth

    Posted Jun 23, 2016 12:55 PM

    Trying to do EAP-PEAP

     

    The controller is trying to do MS-CHAPv2, and while we're allowing that, it's still not working.  I didn't see a way to control this on the Aruba side.

     

     



  • 4.  RE: Trying to do RADIUS auth

    EMPLOYEE
    Posted Jun 23, 2016 12:58 PM

    Did you create a new connection request policy for the wireless users configured only for EAP-PEAP/MSCHAPv2?



  • 5.  RE: Trying to do RADIUS auth

    Posted Jun 23, 2016 01:12 PM

    No, we're using the same connection request policy, but we did create a new network policy that has the same settings as the "working" policy.