Hive hosted Radius server active directory integration issues

  • Updated 3 years ago
Can't get hive hosted radius server active directory integration to join and save with domain admin credentials, it just times out. It resolves the domain name fine.

Damo

Posted 4 years ago

So I'm setting up a splash page in Express 6.1r6a using an Aerohive AP as the RADIUS server. I've set the DNS to internal, I select Active Directory Integration, and the domain name resolves. Then when I try to Join and Save using a Domain Admin account, I receive a message stating "The join operation was unsuccessful and has timed out. The Active Directory server might not be reachable." Any ideas?

Deven Ducommun, Beta Program Manager

Hi Damo,

Are you seeing any connectivity in the Event log on the AD server? Can you run these commands in the CLI and see what the output is?

#exec aaa net-ads-info <String> 

#exec aaa net-join primary username XXXXX password XXXXX

Thanks,

Deven

Damo

Hi Deven,

Thanks for the response, I've SSH'd on to the AP and run the above commands with the below outcome:

#exec aaa net-ads-info XXX.XXX
Exec net failed for no response(###0xEEEEEEEE###)

#exec aaa net-join primary username XXX@XXX.XXX password *****
Exec-Program output:
Error: HiveAP does not enable AD/OD as db-type.
ERROR: Invalid parameter(s)

Let me know if you need me to do anything else, thanks again.

Damo

Ok, so as I'd been doing this via the web console, changing the DNS was a step that was never saved as the whole process was not successful; I've just set the DNS via the SSH console:

#dns server-ip XXX.XXX.XXX.XXX
#exec aaa net-ads-info XXX.XXX
Bind path:          dc=XXX,dc=XXX
LDAP server:        XXX.XXX.XXX.XXX
Name:               XXX
Realm:              XXX.XXX

However I still receive:

#exec aaa net-join primary username XXX@XXX.XXX password *****
Exec-Program output:
Error: HiveAP does not enable AD/OD as db-type.
ERROR: Invalid parameter(s)

Deven Ducommun, Beta Program Manager

OK, so after the DNS change the net-ads-info is returning good information. On the next step, sorry, I forgot a line for the net-join command. You need to configure the primary domain to join first :)

#aaa radius-server primary 10.1.1.25 shared-secret ********

Deven

Damo

Still get the same outcome, I am trying to use the Aerohive AP as a radius server, so in the extra line you suggested above I've put the IP of the AP.

Damo

Well, I'm glad we didn't pay for this AP and it was free from a webinar. Strangest looking door stop I've ever had.

Michael Collinson

Did you ever get this resolved? I'm getting the same error.

Damo

Hi Michael, afraid not.

It has since been promoted from doorstop to another thing in the pile with the AirMarshal units...

Steve Denman

This is fixable. I had the issue and resolved it by following this guide:

http://www.aerohive.com/330000/docs/help/english/6.4r1/hm/full/help.htm#ref/radiusConfig.htm%3FTocPa...

Although steps 4 and 5 are the same and cannot be performed twice.

Also ensure RADIUS is set correctly on the device:

devices | all devices | <AP> | service settings

Remove the proxy.

All I've got to do is fix the certificate issue with Win7.