Please be informed that with the 'Don't validate certificate' option, your clients will happily post your credentials to any network that 'spoofs' the same SSID.
It's not possible to create a secure authentication with username-password unless you have full control (management) over the client.
Use EAP-TLS with client certificates as the only solution to deploy secure authentication.
LDAP (to Active Directory) will not expose the user's password, which is required to do PEAP-MSCHAPv2 authentication, so in practice LDAP authentication is not even possible for wireless clients (as mentioned by others).
Please consult your Aruba partner or Aruba SE to make sure that you deploy according to appropriate security standards.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 16, 2022 01:23 AM
From: Ajin Skariah
Subject: IAP 515 WLAN LDAP authentication
Hello,
I am trying to set up LDAP authentication (NO RADIUS) for WLAN security using AD username and password. The user should be able to connect any devices (personal and work). After setting this up, I am able to sign in using an Android phone (used the Don't validate CA option). But I am not able to sign in to Windows machines. Please see attached. The IAP is managed by Aruba Central. Please help me in setting this up. The requirement is to have the user connect to any of his gadgets (Android, iPhone, laptops etc.) using just his AD username and password.
Thank you,
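
A client-side audit of the two points made in the reply above (server certificate validation, and EAP-TLS with client certificates), as an added example that is not part of the thread. It assumes client profiles written in wpa_supplicant.conf syntax, which the thread does not mention; the sample profiles and function names are constructed.

```python
import re
# Constructed sample in wpa_supplicant.conf syntax; every value is made up.
SAMPLE = '''
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    password="example-only"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/example-radius-ca.pem"
    domain_suffix_match="radius.example.test"
    client_cert="/etc/wifi/alice.pem"
    private_key="/etc/wifi/alice.key"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        entry = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                entry[key.strip()] = value.strip().strip('"')
        blocks.append(entry)
    return blocks

def audit(net):
    """Findings for one profile; an empty list means none."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return findings  # not an 802.1X profile
    if "ca_cert" not in net:
        findings.append("server certificate not validated")
    elif not net.keys() & {"domain_suffix_match", "domain_match"}:
        findings.append("server name not pinned")
    if net.get("eap", "").upper() != "TLS" or "client_cert" not in net:
        findings.append("not EAP-TLS with a client certificate")
    return findings

def audit_config(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```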