PROBLEM. AP121 is unable to authenticate AD users.

  • 1
  • Question
  • Updated 11 months ago
We have about 40 Aerohive Ap's. All is working correctly, except one. This Ap121 does not want to authenticate our business users, but allows internet access for guests as per SSid's. We are broadcasting 3 ssid's, one free wifi where user accepts T&C, and two corp SSID's. Thsi Ap is setup exactly like all AP's in the infrastructure, yet we cannot get corp users to authenticate via their AD credentials. When running Ad/LDAP test from HM - Error "HiveAP ***** was unable to join the Active Directory domain ******
When running radius test, ERROR: "The RADIUS server rejected the Access Request message. "
AP uses static Ip, Device Radius server is selected (same as all other 39 AP's)
DHCP server and relay is specified ((same as all other 39 AP's)

Ap also has a valid name in AD.
Photo of jacques

jacques

  • 1 Post
  • 0 Reply Likes

Posted 11 months ago

  • 1
Photo of Fabien Gaille

Fabien Gaille

  • 53 Posts
  • 3 Reply Likes
Do you mean every of your AP is a RADIUS Server and member of your domain ?

In my configuration, I only have a single AP per hive member of the domain and configured to handle authentication. In my case, I have to ensure every AP is a RADIUS client of my main AP (Configuration => Advanced => Authentication => RADIUS Proxy). I have to ensure that the IP address linked to the object is right as well.

I guess, if every of your AP needs to be able to handle authentication, you should ensure that your "AAA User Directory Settings" => "Domain User Credentials Required for User Lookups" is valid (Validate User) : You should get : "The user was successfully validated.". If not, you may have to join the domain again.
(Edited)