11-28-2016 04:51 PM
11-29-2016 12:39 PM
From the Windows error logs, it appears that Client did not present its certificate as a result of which the EAP authentication timedout in ClearPass. If this is a user certificate, please make sure the client has its certificate installed under Personal folder in the certmgr.msc. We can try the same certificate on any other client to isolate the problem.
So understand this further, enable debug for RADIUS service(Administration --> Server Manager --> Log configuration --> Select RADIUS service and set the log level to DEBUG). Attempt again with different clients and attach the access tracker logs.
11-29-2016 02:30 PM
I use the same certificate to access certain internal sites and it is in the Personal folder. I'll test it from another Windows system and I'll try a co-worker's system to test with their certificate. I tried from an Ubuntu VM last night but had a lot of issues.
Thank you for the directions to turn on the debug for the radius server. I attached the logs.
11-29-2016 02:38 PM
Is the Windows supplicant configured for User, Computer or User+Computer authentication?
11-30-2016 02:43 PM
11-30-2016 02:49 PM
There is a user cert in the user store from the same CA that Clearpass's certificate is using. There is a machine cert in the local computer store, but it is a self signed cert it looks like since the "issued by" is the same name as the machine. Do I need a machine cert from the same CA as well? I thought I could get by with just the user cert.
11-30-2016 02:51 PM
If you want to authenticate the machine, you'll need a machine cert in the computer store.
11-30-2016 02:55 PM
No. Using OpenCA and the certs are manually added. We currently use the user cert to connect via WiFi directly onto the Aruba Controller. Eventually we want to move wireless to Clearpass as well. I am starting with Wired NAC first.
11-30-2016 04:22 PM
Can you try setting the supplicant to user only and then manually configuring the supplicant for EAP-TLS including the cert selection options to reference the CA?