Are you using Aruba's defaults for the dot1x authentication profile? Their defaults are not very good. Here is an example I received from Washington & Lee University.
!
aaa authentication dot1x "Example"
   timer idrequest_period 10
   max-requests 2
   timer wpa-key-period 2000
   timer wpa2-key-delay 120
   timer wpa-groupkey-delay 100
   validate-pmkid
!

I know this has been tested on ArubaOS 3.1.4.x & 5.x. I am not sure about 6.x.

Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011

From: Joy Veronneau [mailto:j...@cornell.edu]
Sent: Tuesday, August 09, 2011 4:31 PM
Subject: Any known problems with Mac OS 10.6 and MSCHAPv2 and Aruba equipment?

Hi,

We are in the process of testing support for MSCHAPv2 on our wireless network. (We have been supporting only TTLS/PAP up to now.)

I have a radiator/ntlm configuration that works with MSCHAPv2 and Windows7 and Windows Vista machines. We cannot get it to work with Mac OS 10.6 or MacOS Lion or iPhones or iPads. I have the radiator logs in debug mode and it looks like the ntlm authentication is working just fine. There are no error messages but the Mac OS X machine never gets an IP address.

It seems that our problem might be related to the Aruba access points we are using because we have an engineer that has a different type of access point set up at home with a windows radius server and his Mac works ok there with MSCHAPv2.

I'm wondering if there are any known problems with Aruba equipment and MSCHAPv2 and Mac OS 10.6 and higher? The Aruba equipment is showing a "mic failure" towards the end of the negotiation.

We are running version 4.7 of radiator on a linux machine.

Any ideas appreciated :)

Thanks-
Joy Veronneau
Identity Management
Cornell University

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.