Highlighted
Anonymous_User Absent Member.
Absent Member.
3219 views

Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) config

Hello,

We're in the process of moving all of our wireless from WPA-PSK to WPA2-Enterprise with 802.1x EAP-MSCHAPv2 (PEAP). All workstations are Windows 7 with the 2SP3 IR2 client. What we'd like is for the 802.1x SSO functionality to work so users do not have to sign in computer only first and then use the novell login after connecting. I've followed the documentation for enabling 802.1x that Novell provides with no success. I'm hoping someone has done this or can point me in the direction of documentation that can use to better understand what configuration is needed to make this work.
Labels (1)
Tags (1)
0 Likes
10 Replies
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

djaquays;2329325 wrote:
Hello,

We're in the process of moving all of our wireless from WPA-PSK to WPA2-Enterprise with 802.1x EAP-MSCHAPv2 (PEAP). All workstations are Windows 7 with the 2SP3 IR2 client. What we'd like is for the 802.1x SSO functionality to work so users do not have to sign in computer only first and then use the novell login after connecting. I've followed the documentation for enabling 802.1x that Novell provides with no success. I'm hoping someone has done this or can point me in the direction of documentation that can use to better understand what configuration is needed to make this work.


First I would try the latest client (IR8)... Do you have FreeRadius in this configuration or something else?

Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2329328 wrote:
First I would try the latest client (IR8)... Do you have FreeRadius in this configuration or something else?

Thomas


I went on vacation shortly after posting this and just got back into the office.

We're using Aruba's ClearPass Policy Manager, which is functions as a RADIUS and TACACS server. The 802.1x functionality works perfectly as long as you're already signed into the desktop.

I will try to upgrade a device to IR8 and see if it starts working, but I'd really be interested to know if anyone has actually gotten this to work with a wireless network.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

djaquays;2331486 wrote:
I went on vacation shortly after posting this and just got back into the office.

We're using Aruba's ClearPass Policy Manager, which is functions as a RADIUS and TACACS server. The 802.1x functionality works perfectly as long as you're already signed into the desktop.

I will try to upgrade a device to IR8 and see if it starts working, but I'd really be interested to know if anyone has actually gotten this to work with a wireless network.


Well I have had it working with HP wireless and aruba wireless but I used freeradius as the backend in both cases.

Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2331490 wrote:
Well I have had it working with HP wireless and aruba wireless but I used freeradius as the backend in both cases.

Thomas


I haven't had a chance to play with this yet on IR8, but I'd be curious of your steps to get this working.

I'm not sure why FreeRadius would make any difference vs ClearPass.. they both speak RADIUS.

This is the only documentation I can find from Novell: https://www.novell.com/documentation/windows_client/windows_client_admin/data/b8jn9w6.html
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

djaquays;2332009 wrote:
I haven't had a chance to play with this yet on IR8, but I'd be curious of your steps to get this working.

I'm not sure why FreeRadius would make any difference vs ClearPass.. they both speak RADIUS.

This is the only documentation I can find from Novell: https://www.novell.com/documentation/windows_client/windows_client_admin/data/b8jn9w6.html


It's a couple of years since I did this so my memory is a bit vague... 😞

Did you install the peap plugin on the workstation, if I remeber correctly this was needed?

http://support.arubanetworks.com/TOOLSRESOURCES/tabid/76/DMXModule/514/EntryId/114/Default.aspx

Thomas
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2332019 wrote:
It's a couple of years since I did this so my memory is a bit vague... 😞

Did you install the peap plugin on the workstation, if I remeber correctly this was needed?

http://support.arubanetworks.com/TOOLSRESOURCES/tabid/76/DMXModule/514/EntryId/114/Default.aspx

Thomas


Or wait, I might be confusing now... Sry..

Do you have any vendor/driver specific WLAN software on the workstation, you should only have the wlan driver on the workstation and make sure the built in Windows WLAN utility?

Thomas
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2332022 wrote:
Or wait, I might be confusing now... Sry..

Do you have any vendor/driver specific WLAN software on the workstation, you should only have the wlan driver on the workstation and make sure the built in Windows WLAN utility?

Thomas


And you have manually added the WLAN and made sure that the "Automatically connect to this network..." checkbox is marked?

Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2332023 wrote:
And you have manually added the WLAN and made sure that the "Automatically connect to this network..." checkbox is marked?

Thomas

Yes.

Essentially what we tried was to login to the workstation locally, connect to desired SSID, configure the now saved network to automatically connect trust the certs/etc, enable the 802.1x functionality as described in the link I posted and try to login.

We do not have any third party WLAN utilities installed.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

djaquays;2332039 wrote:
Yes.

Essentially what we tried was to login to the workstation locally, connect to desired SSID, configure the now saved network to automatically connect trust the certs/etc, enable the 802.1x functionality as described in the link I posted and try to login.

We do not have any third party WLAN utilities installed.


Ok so what is the error you get when you try to login from the login screen? After you entered the username click the advanced option, login using 802.1x is checked?

Thomas
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) co

thsundel;2332159 wrote:
Ok so what is the error you get when you try to login from the login screen? After you entered the username click the advanced option, login using 802.1x is checked?

Thomas


Also enable debug log, maybe the answer is in there: https://www.novell.com/support/kb/doc.php?id=7005241

Thomas
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.