LDAP issue with ISE/Aruba wireless and Eduroam

Dan Eyster — Mon, 11 Mar 2019 08:47:01 GMT

One of my customers is using ISE and Aruba wireless. The Aruba wireless is broadcasting a Eduroam SSID. They are having issues with students authenticating to the Eduroam SSID. Below is the description of the issue:

"The problem is in the user authentication from ISE to LDAP. According to Eduroam enigneers, the password needs to be unhashed from ISE to LDAP in order for it to work. What was recommended was TTLS PAP. On the Aruba controllers, that is not an option that we can see. Options are TLS/GTC or PEAP/MSCHAPV2. So the question is, are there any other clients with an Aruba install broadcasting an Eduroam SSID, utilizing ISE with LDAP as their external identity server? I know another customer is currently running an Aruba install with ISE but are running it against AD. Which works well in our environment as well. But all of the student records are within LDAP."

The customer was provided with this following guide:

https://communities.cisco.com/docs/DOC-75525

They also have a TAC case open as well.

Any help is appreciated.

Thanks,

Dan

Re: LDAP issue with ISE/Aruba wireless and Eduroam

hslai — Sat, 28 Jul 2018 20:58:31 GMT

I do not think it matters what EAP options in the controllers have, because the controllers are proxying the EAP requests to the RADIUS server(s) (ISE in this case) but not terminating EAP itself.

topic Re: LDAP issue with ISE/Aruba wireless and Eduroam in Network Access Control

LDAP issue with ISE/Aruba wireless and Eduroam

Re: LDAP issue with ISE/Aruba wireless and Eduroam