The issue with using AD passwords is that it is terribly hard to configure a device to no authenticate to a 'rogue network'. Which means that, unless you 100% control your client devices, you should consider the username and password-credential being leaked, and if someone has an AD username and password, that allows in many cases a good start to login to computers, webmail, VPN, etc. Here
is an old video that explains it a bit more in technical detail.
Because of this, people now also have issues when users upgrade their Windows version, that authentication suddenly fails (response by bosborne) and there is a strong
recommendation to move away from username/password for WiFi and VPN by Microsoft. Bottom-line, it's easier to deploy EAP-TLS with client certificates than you can securely deploy EAP-PEAP.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 01, 2023 01:59 AM
From: rami.hajjiri
Subject: Sync Wi-Fi authentication with Active Directory
Dear Sir
Thanks for your kind reply, I will watch your videos to learn new things about Aruba Networks.
What kind of weak security would I face, I think integrating Wi-Fi with AD would be more secure than a normal password, each employee has their own username and password.
Would you please get me more into this? Thanks.
Regards
Original Message:
Sent: Jan 31, 2023 11:08 AM
From: Herman Robers
Subject: Sync Wi-Fi authentication with Active Directory
That would be something where you would use a (RADIUS) Authentication server for. Here is my video series that explains how to do such a thing with Aruba ClearPass. And you should be really careful using AD passwords for WiFi access, as it is relatively hard to protect clients to not expose the username and password credentials.
I would really recommend to work with a good partner to get this designed, there are too many things that can go wrong and result in outages or weak security.
For university specific, you would probably have a look at eduroam; which seems available an many countries, maybe also in your.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jan 31, 2023 03:51 AM
From: rami.hajjiri
Subject: Sync Wi-Fi authentication with Active Directory
Dears
I want to know how to configure Wi-Fi authentication with Active Directory on windows server 2012 so employees can authenticate their username and password instead of normal Wi-Fi password.
I saw this technology used in a university which their Wi-Fi asks for username and password instead of asking only for a password, and students may join using their AD username and password.
Current Aruba Firmware: 8.11.0.1_85785 SSR (Digitally Signed - Production Build)
Regards