Wireless Access

Reply
Frequent Contributor I

LDAP

Hi All,

 

 

I have integrated aruba controller to use authentication from LDAP.

 

AAA test is happening from controller through PAP.

 

Termination is enabled on controller EAP -PEAP and EAP-GTC.

 

EAP-GTC supplicant is installed and made the profile settings as per the document .

 

now i am facing the problem while connecting ...validating identity error

 

 

so what may be the solution for this other than using radius server.

 

 

Guru Elite

Re: LDAP

Uncheck "Validate Server Certificate" in your wireless profile.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: LDAP

i tried that also. but still its not working .....as the termination is in controller is that controller need any certificate to push to clients.

 

 

Guru Elite

Re: LDAP

Is this a Windows computer?  Did you try connecting from a handheld?

 

Turn on user debugging:

 

config t

logging level debugging user.

 

Try to connect and after it fails, type "show log user 50" to see what is going on.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: LDAP

1. this is the windows XP client .

 

Logs :

 

 

Apr 25 15:50:08 :501100:  <NOTI> |stm|  Assoc success @ 15:50:08.921250: 00:0c:f1:4d:b6:a8: AP 192.168.29.8-00:1a:1e:5f:22:44-AP125


Apr 25 15:50:08 :501065:  <DBUG> |stm|  Sending STA 00:0c:f1:4d:b6:a8 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:0, rsn_cap:0


Apr 25 15:50:08 :522035:  <INFO> |authmgr|  MAC=00:0c:f1:4d:b6:a8 Station UP: BSSID=00:1a:1e:5f:22:44 ESSID=Ldap VLAN=1 AP-name=AP125


Apr 25 15:50:08 :522004:  <DBUG> |authmgr|  MAC=00:0c:f1:4d:b6:a8 ingress 0x10d3 (tunnel 19), u_encr 64, m_encr 64, slotport 0x1022 , type: local, FW mode: 0, AP IP: 0.0.0.0


Apr 25 15:50:08 :500511:  <DBUG> |mobileip|  Station 00:0c:f1:4d:b6:a8, 0.0.0.0: Received association on ESSID: Ldap Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125 Group default BSSID 00:1a:1e:5f:22:44, phy b, VLAN 1


Apr 25 15:50:08 :500010:  <NOTI> |mobileip|  Station 00:0c:f1:4d:b6:a8, 0.0.0.0: Mobility trail, on switch 192.168.29.248, VLAN 1, AP AP125, Ldap/00:1a:1e:5f:22:44/b

Guru Elite

Re: LDAP

how about the output of "show auth-tracebuf"


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: LDAP

Apr 25 15:50:07  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:50:07  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:50:07  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:50:28  station-term-end       *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                3      -    failure
Apr 25 15:50:55  station-down           *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:40                                 -      -
Apr 25 15:50:56  station-up             *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -    wpa2 aes
Apr 25 15:50:56  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:50:56  eap-term-start        ->  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43/default                         -      -
Apr 25 15:50:56  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:02  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:02  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:51:09  station-down           *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -
Apr 25 15:51:10  station-up             *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 -      -    wpa2 aes
Apr 25 15:51:10  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:10  eap-term-start        ->  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43/default                         -      -
Apr 25 15:51:10  station-term-start     *  e0:ca:94:93:30:e4  00:1a:1e:5f:22:43                                 1      -
Apr 25 15:51:13  client-finish         ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  server-finish         <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  server-finish-ack     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  inner-eap-id-req      <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  inner-eap-id-resp     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    arubadc\nithin
Apr 25 15:51:13  eap-mschap-chlg       <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-nak               ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    EAP-GTC
Apr 25 15:51:13  eap-gtc-token-req     <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-gtc-token-res     ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      8
Apr 25 15:51:13  pap-response          <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/Ldap-2008                       -      -    arubadc\nithin
Apr 25 15:51:13  eap-tlv-rslt-failure  <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-tlv-rslt-failure  ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  eap-failure           <-  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  pap-request           ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -    arubadc\nithin
Apr 25 15:51:13  station-down           *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 -      -
Apr 25 15:51:13  station-up             *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 -      -    wpa2 aes
Apr 25 15:51:13  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -
Apr 25 15:51:13  eap-term-start        ->  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44/dot1x_prof-mft83                -      -
Apr 25 15:51:13  station-term-start     *  00:0c:f1:4d:b6:a8  00:1a:1e:5f:22:44                                 1      -

Guru Elite

Re: LDAP

Do you have a screenshot of your Windows Config?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: LDAP

 Attached the screen shot of wireless profile .

Guru Elite

Re: LDAP

Don't see anything.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: