Security

Reply
Guru Elite

Re: Windows 7 and Radius Auth not working

If you are having the exact same issue as in the thread, you need to figure out why the radius server is rejecting your client.

 

Either way, you should open a case so that they can get to thebottom of it.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Highlighted
New Contributor

Re: Windows 7 and Radius Auth not working

Hello,

 

I had the same issue with a Windows 7 computer in workgroup attempting to connect to an SSID with WPA2-Enterprise with AES and 802.1X authentication.

 

The computer try to connect with local user or with computer account.

 

You need to manually create a wireless profile for this SSID and then on the security tab:

1) Edit MS PEAP Parameters, unchek the box 'Validate Sever Certificate' and click the Configure button above Secured Password (EAP-MSCHAP v2) to uncheck the box 'Automatically use my Windows username and password'.

2) Click Advanced Parameters button, check the box Specify authentication mode to User Authentication.

 

Frequent Contributor I

Re: Windows 7 and Radius Auth not working

Mar 28 17:07:22  station-up             *  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   -    -     wpa2 aes
Mar 28 17:07:22  eap-id-req            <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   1    5
Mar 28 17:07:22  eap-start             ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   -    -
Mar 28 17:07:22  eap-id-req            <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   1    5
Mar 28 17:07:22  eap-id-resp           ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   1    14    wifi-user
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   39   232
Mar 28 17:07:22  eap-id-resp           ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   1    14    wifi-user
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           39   90
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   2    6
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   2    117
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           40   373
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           40   1188
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   3    1096
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   3    6
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           41   262
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           41   1188
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   4    1096
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   4    6
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           42   262
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           42   1188
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   5    1096
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   5    6
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           43   262
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           43   1188
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   6    1096
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   6    6
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           44   262
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           44   985
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   7    895
Mar 28 17:07:22  eap-resp              ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   7    343
Mar 28 17:07:22  rad-req               ->  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           45   601
Mar 28 17:07:22  rad-resp              <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0/rz-dc-2           45   153
Mar 28 17:07:22  eap-req               <-  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0                   8    69
Mar 28 17:07:22  station-down           *  e0:9d:31:3b:62:bc  34:fc:b9:ea:77:f0  

I'm having a similar issue.

Following setup:

 

Win 7 SP1 Clients

Win 2012 Server with NPS configured with EAP-TLS and EAP-PEAP MSCHAPv2 for testing.

 

I receive a successful if I use the AAA test from the controller. On the Win 7 client I'm not able to get a connection running (I already checked and unchecked all the possible options like Cert-validation)

 

If I turn on Termination on the controller, EAP-PEAP will work.

 

The NPS is only logging the success from the AAA test server.

 

The aruba log shows "Deauth from STA .... unspecified failure" and the Client is logging an meaningless EAP failure.

 

 

Any ideas? The NPS Server has a certificate and the clients has a device certificate, too. The goal is EAP-TLS and everything is allowed on the NPS.

 

 

 

 

 


Sven - AMFX #35
New Contributor

Re: Windows 7 and Radius Auth not working

Excelent

Great Job

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: