Wireless Access

Super Contributor II

Re: Version 8 integrated with LDAP

Make a packet capture to see what's happening. 


Willem Bargeman ACMX#935 | ACCX #822

MVP Guru

Re: Version 8 integrated with LDAP

While you did not reveal your objectives, please be advised that you cannot do 802.1X EAP-PEAP-MSCHAPv2 user authentication through LDAP to an AD server. You should be able to do admin authentication, captive portal (PAP) or EAP-GTC/EAP-(T)TLS with LDAP.

For most WLAN authentication scenarios, an external RADIUS server is the better choice. Also, try to avoid EAP-PEAP-MSCHAPv2 whenever possible, at least for unmanaged client devices.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Version 8 integrated with LDAP

Did you mean that there is a limitation with LDAP AD?

I ran a test using PAP, not MSCHAPv2, but it did not help.

The entire user database is in LDAP AD, not in RADIUS.

Could the controller make a packet capture?

MVP Guru

Re: Version 8 integrated with LDAP

Yes, you should use RADIUS in favor of LDAP in most cases. The short summary is that LDAP (especially with AD) does not provide access to the user password which is required for MSCHAPv2 authentication. It is a design decision that Microsoft made, and I think they made the right decision not to allow access to user passwords.

You can use ClearPass to bind into your Active Directory, or, if you are experienced enough, configure Microsoft NPS on Active Directory to enable RADIUS in an AD environment.

In general, avoid LDAP from the controller but use RADIUS, avoid EAP-PEAP-MSCHAPv2 and use EAP-TLS for wireless clients. There are lots of moving parts with significant consequences of choices in such a design, and I would advise you to work with an Aruba partner to get a secure design.

I would capture the LDAP traffic on the LDAP server rather than on the controller.

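What the capture on the LDAP server suggested above lets you read, as an added example that is not part of the original thread and not Aruba's code: a minimal decoder for LDAP bind messages (RFC 4511) that reports the bind DN, the authentication type and the server's result code. The sample bytes, DN, password and diagnostic text are constructed; note that a simple bind carries the password itself, which is why PAP or EAP-GTC can feed an LDAP bind and an MSCHAPv2 exchange cannot.

```python
# Added example: decode LDAP bind messages (RFC 4511). All sample bytes are constructed.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_bind(message):
    """Summarise one LDAPMessage that carries a BindRequest or BindResponse."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"message_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:  # [APPLICATION 0] BindRequest
        _, version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        info.update(op="bindRequest", version=version[0], bind_dn=name.decode(),
                    auth="simple" if auth_tag == 0x80 else "sasl")
        if auth_tag == 0x80:  # [0] simple = cleartext password; report length only
            info["password_len"] = len(cred)
    elif op_tag == 0x61:  # [APPLICATION 1] BindResponse
        _, code, p = read_tlv(op, 0)
        _, _matched_dn, p = read_tlv(op, p)
        _, diag, _ = read_tlv(op, p)
        info.update(op="bindResponse", diagnostic=diag.decode(),
                    result=RESULT_CODES.get(code[0], f"code {code[0]}"))
    else:
        raise ValueError(f"not a bind operation (tag 0x{op_tag:02x})")
    return info

def _tlv(tag, value):  # builds the constructed samples below (short lengths only)
    return bytes([tag, len(value)]) + value
SAMPLE_REQUEST = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, _tlv(0x02, b"\x03")
    + _tlv(0x04, b"cn=wlc,dc=example,dc=com") + _tlv(0x80, b"not-a-real-pw")))
SAMPLE_RESPONSE = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x61, _tlv(0x0A, b"\x31")
    + _tlv(0x04, b"") + _tlv(0x04, b"constructed diagnostic text")))

if __name__ == "__main__":
    print(decode_bind(SAMPLE_REQUEST), decode_bind(SAMPLE_RESPONSE), sep="\n")
```

The decoder expects the LDAP payload of an unencrypted session, already extracted from the TCP stream; comparing the `bind_dn` and `result` seen for the working and the failing controller shows whether the bind itself is being rejected.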
Occasional Contributor II

Re: Version 8 integrated with LDAP

But unfortunately I don't have ClearPass or a RADIUS server at the site, so is there no solution?

And what is the issue between the Aruba controller and LDAP?

MVP Guru

Re: Version 8 integrated with LDAP

You can use a RADIUS server off-site, or install a RADIUS server.

It's best to work with your Aruba partner to find a good solution.

Occasional Contributor II

Re: Version 8 integrated with LDAP

Thanks for your reply. But note that I have another controller on version 8 that is integrated with this LDAP with no issue. After I copied the aaa authentication-server from the working controller and pasted it into the new controller, it still cannot authenticate.

We are using the same LDAP AD.
The 2 controllers are VMC version 8.

MVP Guru

Re: Version 8 integrated with LDAP

I think it is best that an engineer has a look at your problem. It is hard to solve it without actually looking at the environment.

Please contact your Aruba partner, or Aruba Support if you have access to that.
