Wireless Access

New Contributor

802.1x and multi domain authentication

Hi Everyone,


We have a Aruba setup using 802.1x authentication against a microsoft IAS server that's a member of domain A.


We will be fully migrating from domain A to domain B. Therefore I would like to accomplish users from both domain A and B to log onto our wireless for the time being.


We have network policies set up in NPS to authenticate users and computers from domain A and this is working fine. I've duplicated these policies to enable user and computer accounts from domain B to have access but this isn't working.


Domain A and B have a two way trust.


Anyone got any ideas how I can accomplish this?



Guru Elite

Re: 802.1x and multi domain authentication

You still need to setup radius proxy for this to work reliably.  In addition, all authentication requests must send the FQDN of the domain in the user field so that the first radius server knows where to send the authentication.  http://technet.microsoft.com/en-us/library/cc785693(v=ws.10).aspx


You could also setup multiple radius servers in the Aruba server group and enable failthrough, but you need to turn on termination in the 802.1x profile and upload a server certificate to the controller that both domains trust, for this to work.


Radius proxy is probably the first think I would try....


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: