Aruba Machine Auth (RADIUS)

I've just taken delivery of a shiny new Aruba MC800 controller and some AP61s to give us some nice site wide coverage. I'm moving away from my old fat-AP infrastructure of Netgear WG302s to use the thin-AP Aruba in order to improve handover and channel management etc.

My config is as follows:
School WLAN 11b/g network set across all APs, set to use WPA/TKIP with RADIUS auth pointing to a Windows 2k3 IAS box.

The only IAS rule is:
"Windows Group Matches *mydomain*\Domain Computers;*mydomain*\Domain Users"

This profile worked fine with the Netgears, and I haven't changed the policy since upgrading to Aruba. If i log a machine on under cached credentials, for example as Administrator, it will then connect to the WiFi authenticating as a USER. Problem is that the MACHINE will not authenticate to give me the ability to logon wirelessly from the Ctrl+Alt+Del Screen.

I get this error in IAS Log Viewer: "IAS_AUTH_FAILURE"

Anyone know if I've missed a stupid tickbox in the Aruba config somewhere (after all there are a lot of them!) Config Dumps and Screenshots are available if anyone knows what they're doing!

Many Thanks all

Scott

*Bump* Anyone any ideas on this? Please.....? :D

Quote:

---

Originally Posted by ScottStevinson

I've just taken delivery of a shiny new Aruba MC800 controller and some AP61s to give us some nice site wide coverage. I'm moving away from my old fat-AP infrastructure of Netgear WG302s to use the thin-AP Aruba in order to improve handover and channel management etc.

My config is as follows:
School WLAN 11b/g network set across all APs, set to use WPA/TKIP with RADIUS auth pointing to a Windows 2k3 IAS box.

The only IAS rule is:
"Windows Group Matches *mydomain*\Domain Computers;*mydomain*\Domain Users"

This profile worked fine with the Netgears, and I haven't changed the policy since upgrading to Aruba. If i log a machine on under cached credentials, for example as Administrator, it will then connect to the WiFi authenticating as a USER. Problem is that the MACHINE will not authenticate to give me the ability to logon wirelessly from the Ctrl+Alt+Del Screen.

I get this error in IAS Log Viewer: "IAS_AUTH_FAILURE"

Anyone know if I've missed a stupid tickbox in the Aruba config somewhere (after all there are a lot of them!) Config Dumps and Screenshots are available if anyone knows what they're doing!

Many Thanks all

Scott

---

Hi Scott,

Can you send some screenshots of ias configuration and also errors relating to IAS in event viewer.

Ash.

@Ash: I've sent you a PM.

In the end I wiped my Aruba Controller and started from scratch. Seems to be working okay now. Would anyone find a guide useful for a simple single VLAN, single subnet network like mine with IAS? If so, I'll write up what I did. (More complicated stuff is covered by Aruba docs, but haven't found any simple scenarios)

Scott