Wireless Access

Reply
Highlighted
Occasional Contributor II

Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Hello,

I try to connect my users to our WLAN using radius authentication (NPS on Win2012). I followed some tutorials and some solutions that I found here, but it is still not working :( 

I allways recieve a authentication error in the VC. 

Where can I find further information about this error?

Maybe these lines are useful:

show ap debug radius-statistics

RADIUS Statistics
-----------------
Statistics                    InternalServer  DC02
----------                    --------------  ----
In Service: Management Auth   Not used        Not used
In Service: GerstnerZentrale  Not used        Not used
Accounting Requests           0               0
Raw Requests                  0               0
PAP Requests                  0               0

DC02 is my WindowsServer - why is it not used?

 

Auth Trace Buffer also shows some lines like these:

Oct 23 08:27:24  rad-req               ->  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50/t_DC02  51  245   nonasid
Oct 23 08:27:25  rad-resp              <-  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50/t_DC02  51  -
Oct 23 08:27:25  eap-req               <-  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         4   490
Oct 23 08:27:25  eap-resp              ->  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         4   17
Oct 23 08:27:25  rad-req               ->  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50/t_DC02  52  256   nonasid
Oct 23 08:27:26  rad-reject            <-  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50/t_DC02  52  -
Oct 23 08:27:26  eap-failure           <-  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         4   4     server rejected
Oct 23 08:27:26  station-up             *  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         -   -     wpa2 aes
Oct 23 08:27:26  eap-id-req            <-  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         1   5
Oct 23 08:27:26  eap-start             ->  a4:4e:31:94:ec:64  80:8d:b7:1d:4b:50         -   -

Who is this t_DC02 ?

 

Thanks, Frantischek


Accepted Solutions
Highlighted
Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Hello,

I tried a smaller key and now its working.

Very strange - but I'm happy. :) 

 

Thanks for your support!

 

Regards

Frantischek

View solution in original post


All Replies
Highlighted
Guru Elite

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Do you see anything in the NPS portion of the event viewer in the radius server?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

No, 

I had some events concerning the wrong secret - but after I fixed this, it's silent.

I also double-checked the auditpolicy with:

C:\Windows\system32>auditpol /get /subcategory:"Netzwerkrichtlinienserver"
Systemüberwachungsrichtlinie
Kategorie/Unterkategorie                  Einstellung
An-/Abmeldung
  Netzwerkrichtlinienserver               Erfolg und Fehler

It's also okay. Sorry for german :) 

 

Highlighted
Guru Elite

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Do you have a screenshot of your SSID configuration?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Like this? 

wlan ssid-profile GerstnerZentrale
 enable
 index 0
 termination
 type employee
 essid GerstnerZentrale
 opmode wpa2-aes
 max-authentication-failures 0
 auth-server DC02
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

Highlighted
Guru Elite

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

That looks good.  You should not have to change or edit an audit policy.

 

On the commandline of the Instant AP, you should use the aaa test server command to test connectivity to your Windows Server 2012:  https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#CLI_commands/aaa_test_server.htm


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Heres the result

# aaa test-server DC02 username c.leitner password ****** auth-type PAP
Username or password wrong for radius server DC02, reason code 7

Now I see a new event 6273 with reason code 66 in the log on the server.

It says something like the authentication method was not activated on the server.

 

Highlighted
Guru Elite

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

That is good.  That means the traffic is getting to the radius server.  PAP is only for Captive Portal, so you would not have that enabled.

 

Do you have a screenshot of your NPS policies?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Sorry for german language again :)

Occasional Contributor II

Re: Radius auth with Windows Server 2012 and Aruba OS 8.3.0.0

Here is a all in one screenshot :)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: