AP as RADIUS Server

  • Updated 4 months ago
I have an AP122 setup where the AP is acting as a RADIUS server with AAA. I have verified that it is communicating with LDAP correctly. When testing connectivity with Windows 10 I have encountered the following issues. 

1.  Select the SSID and get the username and password prompt. 
2.  Select the check mark next to "Use my Windows user account" and I get a message stating "Can't connect to this network".
3.  I will then try to reconnect but manually type the user name and password of my AD account, which is the same account used to log in to the workstation. 
4.  I then get prompted with "Continue connecting? If you expect to find SSID in this location, go ahead and connect. Otherwise, it may be a different network with the same name. Show certificate details. Server thumbprint: DC A4..." 
5.  It now shows that the device is "Connected, secured" and traffic is passing. 

I would like to know if it is possible to generate a client cert from HMNG to integrate with my Aerohive based RADIUS server or further input on how to resolve the certificate issues. 

Joshua Crater


Posted 4 months ago


Dianne Dunlap

I haven't personally tried/seen the error - I'm assuming it's a captive portal. 
But perhaps you could download the certificate(s) and install them on devices.  If you connect with Chrome and see the "Your connection is not private" message, you can bring up developer tools > security > view certificate > details > copy to file (for all certs in the path).  Then bring up the cert(s) and import, choosing to park them in the trusted root authority store.

You can also push certs using GPO.  But this wouldn't help a whole lot if it's a portal guests are hitting. 

If you're using this for internal users, using 802.1x and an external radius server integrated with your AD instead would ensure that your devices had the AD certificates on them and they wouldn't get the messages.
Kent



Hi, we have started testing just the same setup, and have the same problem.

Like Dianne says, I think that a certificate from the AD domain solves Joshua's item 4.

But I have not yet tested that.

Do you think that "Use my Windows user account" also has to do with the certificate?

I don't, but I have not found any other solution. One colleague thinks it's an issue with Windows 10, but same here, we have not tested with Windows 7 yet.


Dianne Dunlap

If you run certmgr.msc on Windows 10 and do not see a match for the Aerohive cert in trusted roots, you will get the error message you're seeing whether on Windows 7 or 10.  Do you have the option of doing http captive portal instead of https (realizing that traffic between client and server will be unencrypted)?
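
The trusted-root check described in the reply above, scripted in PowerShell as an added example that is not part of the original thread. It assumes the RADIUS server certificate has been exported to a file; the path shown is a hypothetical placeholder.

```powershell
# Added example: does the certificate presented by the RADIUS server chain
# to a root that this Windows client already trusts?
param(
    # Hypothetical path to the exported server certificate (.cer)
    [string]$CertPath = 'C:\Temp\radius-server.cer'
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Build the chain without revocation lookups, since the client may not be
# able to reach the CA before it has joined the network.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainTrusted = $chain.Build($cert)

# The last chain element is the topmost certificate Windows could locate.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Same lookup as browsing Trusted Root Certification Authorities in
# certmgr.msc, but covering both the machine and the current-user store.
$match = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint }

[pscustomobject]@{
    Subject          = $cert.Subject
    ServerThumbprint = $cert.Thumbprint   # compare with the value in the Windows prompt
    TopOfChain       = $top.Subject
    SelfSigned       = ($top.Subject -eq $top.Issuer)
    RootInStore      = [bool]$match
    ChainTrusted     = $chainTrusted
    ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

`RootInStore = False` together with a `ChainStatus` of `UntrustedRoot` or `PartialChain` corresponds to the situation described in the reply, where no match for the server's certificate is found in trusted roots.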