Wireless Access

Occasional Contributor II

Re: LDAP authentication with eDirectory

So this has nothing to do with certificates, correct? It's simply because Windows 7 does not have the proper supplicant to support 802.1x authentication?

Guru Elite

Re: LDAP authentication with eDirectory

Yes, correct. It has to do with credential hashing.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: LDAP authentication with eDirectory

Hi Tim,

We now have FreeRADIUS running on SLES 11 SP3. We'd like our users to connect to our wireless networks using their LDAP credentials. What are the subsequent steps to making this work? Thanks.

Aruba Employee

Re: LDAP authentication with eDirectory

1. You need to map LDAP to your FreeRADIUS.

2. In the controller, add the RADIUS server.

3. You have to determine where you are going to terminate the EAP.

4. If it's going to be on the controller, you can use EAP-TLS or EAP-PEAP with MSCHAPv2.

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Occasional Contributor II

Re: LDAP authentication with eDirectory

Thanks. So we have 2 networks: 1 for staff and 1 for students. Once a user's credentials are validated against RADIUS/LDAP how do we prevent a student (let's say) from joining the staff network?

Occasional Contributor II

Re: LDAP authentication with eDirectory

Anyone with eDirectory and FreeRADIUS knowledge, feel free to chime in... The LDAP and RADIUS servers are configured. We'd like our users to authenticate against our wifi networks using their eDir credentials and we need the passwords to not be in plain text. We don't want our students connecting to our staff network. Tech support at Aruba was not able to help us out. Thank you.

Guru Elite

Re: LDAP authentication with eDirectory

chuckster_ca,

EDIT: Obviously I didn't read the question.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Aruba Employee

Re: LDAP authentication with eDirectory

1. The problem is that both are authenticating against the same server. Both are in different groups, but we need to differentiate the two RADIUS requests to validate them against two different user groups.

2. You can use the ARUBA-ESSID attribute on the RADIUS request to differentiate the users.

   Say a user connects to the student SSID --> the RADIUS request will have the ESSID as student --> create a policy in the RADIUS server so that if Aruba ESSID == student, it checks whether the username belongs to the student group.

3. Another way of doing it is using NAS-ID.

   Create 2 RADIUS servers on the controller, with the same IP and key but different NAS-IDs, say Student and Staff. Map them to different server groups and to the AAA profile.

   So when a student tries to auth, he will carry the NAS-ID as Student on the RADIUS request. So create a policy in the RADIUS server so that if the NAS-ID = student, it checks for the user in the student group in AD.

Hope that clears up your query. Also, let me know the case number with TAC and I will review it.


Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.
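
The per-SSID group check described in the post above, modelled as an added example (not code from the thread or from Aruba/FreeRADIUS). It assumes the ESSID arrives as `Aruba-Essid-Name`, the name used in FreeRADIUS's Aruba dictionary, and the NAS-ID as `NAS-Identifier`; the SSID names, group names and sample requests are constructed. Requests with a missing, unknown or conflicting network identifier are rejected rather than accepted on valid credentials alone.

```python
# Added example: per-SSID group check, modelled on the policy described above.
# Attribute names follow the FreeRADIUS Aruba dictionary (Aruba-Essid-Name) and
# RFC 2865 (NAS-Identifier); SSID names, group names and requests are constructed.

# Which directory group may authenticate on which network (assumed names).
SSID_TO_GROUP = {"student": "students", "staff": "staff"}


def network_of(request):
    """Return the network the request came from, or None if undeterminable.

    Uses the ESSID VSA (option 2 in the post) and/or NAS-Identifier
    (option 3). If both are present and disagree, the request is ambiguous.
    """
    essid = request.get("Aruba-Essid-Name")
    nas_id = request.get("NAS-Identifier")
    seen = {v.strip().lower() for v in (essid, nas_id) if v}
    return seen.pop() if len(seen) == 1 else None


def authorize(request, user_groups):
    """Decide Access-Accept / Access-Reject after credentials were validated.

    user_groups: set of group names looked up in the directory for User-Name.
    Fails closed: unknown or missing network identifiers are rejected.
    """
    required = SSID_TO_GROUP.get(network_of(request))
    if required is None:
        return "Access-Reject"
    groups = {g.lower() for g in user_groups}
    return "Access-Accept" if required in groups else "Access-Reject"


# Constructed sample requests: (request attributes, groups from the directory)
SAMPLES = [
    ({"User-Name": "alice", "Aruba-Essid-Name": "staff"}, {"staff"}),
    ({"User-Name": "bob", "Aruba-Essid-Name": "staff"}, {"students"}),
    ({"User-Name": "bob", "NAS-Identifier": "Student"}, {"students"}),
    ({"User-Name": "bob"}, {"students"}),
    ({"User-Name": "bob", "Aruba-Essid-Name": "student",
      "NAS-Identifier": "staff"}, {"students"}),
]

if __name__ == "__main__":
    for req, groups in SAMPLES:
        print(req, sorted(groups), "->", authorize(req, groups))
```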
