5 AP121's authenticating against one AP121 as Radius server with AD backend connection

Hi, wondering if someone could let me know where I have gone wrong.

I have created an AAA user directory profile, the AP is joined to the domain and a user exists that tests ok. If I go to tools and test this I get an NT ok message.

I have created an Aerohive AAA server, Database set to AD and my profile from above added. I have enabled RADIUS Server credentials caching.

In my RADIUS settings it didn't create any new CERT files - should it?

I have not put in a Key file password as it said it's created automatically.

I have then created an AAA Client and set this to the first AP121 and put no shared secret in.

Config has been loaded into our APs but not working.

I have followed this post


Still to no avail. What am I doing wrong?

Lee Byatt

Posted 5 years ago

Crowdie, Champ

When you say the system is "not working" what do you mean?

I suspect that since the LDAP lookups are working correctly on the access points that the issue involves the wireless clients. Are you using PEAP? If so, a server side certificate is required and the wireless clients must trust it. The default HiveManager certificate will not be trusted by the wireless clients so they will not open the tunnel to pass credentials.

On a Windows client you can disable the "Validate Certificate" option in the wireless profile and, if the issue is the server side certificate, this can resolve the issue. This should only be done for fault finding to confirm the issue is certificate based. Once this is done, enable the "Validate Certificate" option and fault find.
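
A follow-up check for the fault-finding step in the answer above, as an added example that is not part of the original thread: it audits exported Windows wireless profiles (for instance from `netsh wlan export profile`) and flags any PEAP profile still left with server certificate validation switched off. The element names `PerformServerValidation`, `TrustedRootCA` and `ServerNames` are assumed to match what your own exports contain; the sample XML, profile names, server name and thumbprint are constructed and heavily trimmed.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed stand-in for `netsh wlan export profile` output.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>{name}</name>
 <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
   <ServerNames>{server}</ServerNames>
   {root_ca}
  </ServerValidation>
  <PeapExtensions>
   <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
 </EapType>
</WLANProfile>"""

def _local(tag):
    """Strip the XML namespace so elements match at any nesting depth."""
    return tag.rsplit("}", 1)[-1]

def audit_peap_profile(xml_text):
    """Return (profile name, findings) for one exported profile."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        text = (el.text or "").strip()
        if text:
            values.setdefault(_local(el.tag), []).append(text)
    findings = []
    if "false" in values.get("PerformServerValidation", []):
        findings.append("server certificate validation is disabled")
    else:
        # Validation is on (or defaulted): check what the client is pinned to.
        if not values.get("TrustedRootCA"):
            findings.append("no trusted root CA is pinned")
        if not values.get("ServerNames"):
            findings.append("no RADIUS server name is pinned")
    return values.get("name", ["?"])[0], findings

# Constructed profiles: one left in the fault-finding state, one restored.
DEBUG_PROFILE = TEMPLATE.format(name="corp-debug", server="", root_ca="", validate="false")
FIXED_PROFILE = TEMPLATE.format(
    name="corp", server="radius.example.test", validate="true",
    root_ca="<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>")

if __name__ == "__main__":
    for profile in (DEBUG_PROFILE, FIXED_PROFILE):
        name, findings = audit_peap_profile(profile)
        print(name, "->", findings or "server validation enforced")
```
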