dlambrecht@pidy.com

  • 1
  • Question
  • Updated 3 years ago
  • (Edited)
Hi,
we are implementing office 365  with azure same sign on.
for this to work we needed to add our domain.com as een extra UPN to our AD.
Now we have domain.local so as optional we can login with domain.com now.
For office 365 to work we need to change the default domain in ad for every user to domain.com.
when we do this the radius doesnt work anymore.
when it trys to authenticate we go in our not authenticated vlan 4000 normaly we go in vlan 80 where we get an ip.
how ever when we log the client it says autentication succesfull and it still logs in with domain\username.
any one has any idea seems our aerohive vendor doesnt knwo the solution.
on the client we can login with domain\username and mail@domain.com so in ad we dont have any problems.

Kind Regards,

David
Photo of David

David

  • 11 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi David,

My initial suggestion would be to use NPS as your RADIUS server, making this the entirely the concern of Microsoft supplied and supported software. At that point, this can have nothing to do with Aerohive or HiveOS as the EAP termination takes place within NPS.

Nick
(Edited)
Photo of David

David

  • 11 Posts
  • 0 Reply Likes

Hi Nick,

our vendor suggested to use the onboard AP radius server.

so we need to change that or can there be a solution ?

for us its ok to use the onboard AP radius server

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
It's not the best suggestion considering your needs. To get a swift solution, use NPS.
(Edited)
Photo of David

David

  • 11 Posts
  • 0 Reply Likes

Ok Thanks for the Advice

Kind regards,

David,

Photo of David

David

  • 11 Posts
  • 0 Reply Likes
we have 4 different locations so i need to install nps on every site then ?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Ideally, yes, for reliability reasons. You can investigate your issue further with a support case, I'm trying to give you an alternative approach that will solve your issue quickly.
(Edited)