Wireless Access

last person joined: 20 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

LDAP users authentication error with Aruba Controller

This thread has been viewed 3 times

  • 1.  LDAP users authentication error with Aruba Controller

    Posted Sep 24, 2017 11:29 AM

    Hello,

     

    We did integration with Controller 7210 with OS 6.5.1.6 with LDAP and it is successfully done.

     

    When authenticating with Android, Phone it works well.
    When authenticating from Windows 7, Windows 8, Windows 8 it cannot authenticate and there is an error.

     

    I know it was an issue that users were facing previously. Isn't this issue solved yet?

    Thank you



  • 2.  RE: LDAP users authentication error with Aruba Controller

    EMPLOYEE
    Posted Sep 24, 2017 03:10 PM

    Is this captive portal or 802.1x authentication?



  • 3.  RE: LDAP users authentication error with Aruba Controller

    Posted Sep 24, 2017 03:12 PM

    Hi Colin,

     

    It is 802.1x authentication.

     

    Thank you,



  • 4.  RE: LDAP users authentication error with Aruba Controller

    EMPLOYEE
    Posted Sep 24, 2017 04:53 PM

    Did you install your own certificate or you are using the controller's built-in certificate?

     

     



  • 5.  RE: LDAP users authentication error with Aruba Controller

    Posted Sep 25, 2017 12:34 AM

    I am using the controller's built-in certificate.

     

    Thank you



  • 6.  RE: LDAP users authentication error with Aruba Controller

    EMPLOYEE
    Posted Sep 25, 2017 02:45 AM

    It could be expired.  When you go to log into the controller admin interface, you should look at the SSL bar to see what is the date on the certificate..



  • 7.  RE: LDAP users authentication error with Aruba Controller

    Posted Sep 25, 2017 03:01 AM
      |   view attached

    Hello Colin,

     

    The certificate is valid till 2047.

     

    Thank you,



  • 8.  RE: LDAP users authentication error with Aruba Controller

    EMPLOYEE
    Posted Sep 25, 2017 03:25 AM

    Mobile clients and even MacOSX typically will connect to a 802.1x SSID without having the CA that issued the certificate in their trusted store.  Windows is more strict.  

     

    To be honest, the built in 802.1x certificate in the controller was not meant for production use.  It was meant to only be used in the lab and should be replace with a certificate that you create and install yourself.  It is a security issue for your clients if they are authenticating to a server certificate that you do not have control over.

     

     In addition, EAP-Termination is typically only used in situations when you don't have a radius server.  Is the LDAP server you are connecting to a Windows Server?  If yes, you should install the NPS service on that server and configure it as a radius server.  EAP-Termination may be convenient in the beginning, but installing a Windows Server for 802.1x authentication offers much more flexibility and less troubleshooting.  If you indeed have a Windows Server, see if you can follow the instructions here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113

     



  • 9.  RE: LDAP users authentication error with Aruba Controller

    Posted Sep 25, 2017 03:51 AM

    Hi Colin,

     

    Thank you for your update.

    I will inform our customer that going with LDAP authentication will be inconvenient and it will not work properly. I will check with the IT administrator if they can enable NPS on their Windows server.

     

    Thank you.