Hello!
Encountered an issue in a 802.1x scenario where I use Aruba Controller, ClearPass and Windows 2008R2 AD.
ClearPass is joined to the domain, I've created the AD auth source and required service elements with default auth methods (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST).
ClearPass is in a DMZ and there is a FortiGate firewall restriciting the traffic that passes between AD and ClearPass.
The AD user I'm using for the authentication source is a normal Domain User.
When using the Policy Simulation with Active Directory Authentication I get success.
When actually trying a client I get the following in Access Tracker Alerts:
RADIUS | MSCHAP: Authentication failed EAP-MSCHAPv2: User authentication failure |
This cause a Deny Access.
Under Input I see this:
Radius:Microsoft:MS-CHAP2-Response | 0x0a6cda9649f3d374d070030ff95fa6327ade000000000000000039fbf3022e1b47c311a27caabf0c45e86d155c24b631d9dc |
Radius:Microsoft:MS-CHAP-Challenge | 0x5ad8746b9e96db0da6bffa8dda9644fa |
Radius:Microsoft:MS-CHAP-Error | E=691 R=1 |
I've also installed the same scenario in my Lab without these error messages.
Anyone got any tips of where the error might be?