Wireless Access

Reply
Occasional Contributor II

Re: What kind of authentication I should use?

cjoseph, the configuration in the IAS is already done.

 

IAS config.JPG

 

But I still can't loggin.

also, From the Diagnostic ---> AAA Test Server, The test went wrong with MSCHAPv2 authentication method.

 

Guru Elite

Re: What kind of authentication I should use?

Well, you need to look in the eventviewer on IAS in System and see why it is failing.  That will tell you exactly why things are not going right.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: What kind of authentication I should use?


cjoseph

I can see this logs from 2003 event viewer server

 

User jhon doe was denied access.
 Fully-Qualified-User-Name = ********************************************
 NAS-IP-Address = xx.xx.xx.xx
 NAS-Identifier = <not present>
 Called-Station-Identifier = 000B86524250
 Calling-Station-Identifier = 000000000000
 Client-Friendly-Name = arcorwac001
 Client-IP-Address = xx.xx.xx.xx

NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 0
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Aruba User
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

 

I do not understan if the error is in te 2003 server or in the client who wants to loggin

Guru Elite

Re: What kind of authentication I should use?

Okay,  I would try unchecking "Validate Server Certificate" in the Client Configuration.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: What kind of authentication I should use?

Hi cjoseph, I tryed without "Validate Server Certificate" and still I can't connect. I tryed with different networks authentications and data encryption, WPA2-TKIP and WPA-TKIP (I thought at some point that was the problem) and still nothing. I think my problem is the RADIUS config. I can't perform the Diagnostic --- AAA Test Server with MSCHAPv2 authentication method in a succesfully way. Yesterday I could find some other messages from the Event Viewer:

 

Could not retrieve the Remote Access Server's certificate due to the  following error: Cannot find object or property.

Because no certificate has been configured for clients dialing in with EAP-TLS, a default certificate is being sent to user apex\crespima. Please go to the user's Remote Access Policy and configure the Extensible Authentication Protocol (EAP).

 

So I think I should aim to the RADIUS first.

Guru Elite

Re: What kind of authentication I should use?

mcrespillo, did you follow the step-by-step guide for setting this up?  There is one on this website and another in the appendix in the user guide.  

 

Also, only use WPA2-AES, because 802.11n cannot work with TKIP.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: What kind of authentication I should use?

well, I'm not the Domain Controllers sysadmin, I downloaded the info you gave me and I gave it to our sysadmin. I will talk to him nad will try to follow the steps one by one again and try to resolve de issue. Do you think the problem is there? also I followed the issue with our Aruba provider and as he could check, everything is ok in the Aruba side.

About the 802.11n, we do not use this protocol, so its ok.

 

Occasional Contributor II

Re: What kind of authentication I should use?

cjoseph, I could resolve the RADIUS problem, now I can test in sucefully way the AAA test server with MSCHAPv2. My problem now is that I have this message in the Debug Process Log window:

 

|authmgr| |aaa| RADIUS server APEXRadius-10.30.5.13-1812 timeout for client=00:1b:77:30:c0:77 auth method 802.1x

 

why I have this message if I could connect successfully egainst the RADIUS in the controller?

Guru Elite

Re: What kind of authentication I should use?

Once again, check the eventviewer to see if the radius server is even receiving the radius authentication request.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: What kind of authentication I should use?

From the event viewer I have this messages:

 

Because no certificate has been configured for clients dialing in with EAP-TLS, a default certificate is being sent to user apex\crespima. Please go to the user's Remote Access Policy and configure the Extensible Authentication Protocol (EAP).

 

Could not retrieve the Remote Access Server's certificate due to the  following error: Cannot find object or property.

 

Access request for user APEX\crespima was discarded.
 Fully-Qualified-User-Name = apex.local/AR/COR4/APEX/Admin/Marco Crespillo
 NAS-IP-Address = xx.yy.zz.qqq
 NAS-Identifier = xx.yy.zz.qqq
 Called-Station-Identifier = 000B86524250
 Calling-Station-Identifier = 001B7730C077
 Client-Friendly-Name = ArubaController800
 Client-IP-Address = zz.xx.vv.rrr
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Reason-Code = 23
 Reason = Unexpected error. Possible error in server or client configuration.

 

this all 3 messagges repeats everytime I try to loggin.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: