Occasional Contributor II

LDAP Queries

Hi,

 

Can we use LDAP for EAP-PEAP with termination disabled, or should termination be enabled? Please update soon, as there is an ongoing issue and we need to bring up the setup.

Thank you in advance!



All Replies
Guru Elite

Re: LDAP Queries

You cannot use LDAP for EAP-PEAP without termination.  If you do use LDAP for EAP-PEAP, your clients would have to support EAP-GTC (Windows devices do not support this natively).


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor II

Re: LDAP Queries

Hi,

 

Thank you for your response. Please let me know if I can enable termination with EAP-PEAP mschapv2 as inner eap instead of GTC for LDAP.

 

Guru Elite

Re: LDAP Queries

You would only be able to do that if you are using termination AND pointing to a radius server (instead of an LDAP server).  With mschapv2 and termination and an LDAP server, your only inner option is eap-gtc.

 

Long story short, if you have a Windows domain, install the free NPS radius server and avoid all of the hoops you will have to jump through with termination.


Occasional Contributor II

Re: LDAP Queries

Hi,

 

Thank you for your quick response. So if I understood you, if we need to use LDAP, then we need to do the following:

1. Enable termination on the controller

2. EAP should be EAP-PEAP and inner-eap-type should be eap-gtc and not mschapv2

3. Install GTC plugins in devices.

Can you let me know if GTC plugins are available even for mobile devices, and do you have any link on how to install GTC plugins?

 

Thank you!

 

Regards,

SRP.

Frequent Contributor I

Re: LDAP Queries

Hi,

 

EAP-GTC is selectable on Android devices as an option when you configure the SSID. On iOS you don't need to select anything.

However, I had similar cases deployed, and the EAP-GTC rollout on Windows is a big headache. Some of the WiFi adapters were not capable of supporting this plugin and they couldn't connect to the SSID at all.

It's something I had a very bad experience with from the customer-side perspective.

Instead, I installed the Windows Server NPS feature and use it for RADIUS authentication, without EAP-GTC. It is less of a headache and a better user experience, especially for Windows devices.

Occasional Contributor II

Re: LDAP Queries

Hi Cjoseph,

 

Thank you for your guidance.

 

I will look into it.

 

 
