Security

Reply
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

ClearPass EAP Auth Problems HP LaserJet Printer

I'm having problems getting an HP LaserJet Pro 400 Model M401dw to connect to my ClearPass-enabled SSID using 802.1x.  I set the printer to use EAP-PEAP with WPA2-Enterprise and I see it attempting to authenticate against ClearPass, but the Access Tracker shows Authentication Method of "EAP" and gives the following alerts:

Error Code:
9015
Error Category:
RADIUS protocol
Error Message:
Client does not support configured EAP methods
 Alerts for this Request  
Policy serverFailed to get value for attributes=[Owner]
RADIUSEAP: Client doesn't support configured EAP methods

I'm trying to get help from HP Support, or at least the folks that sold us the printers, but I'm looking for other ideas from fellow Airheads.  Help appreciated.

Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: ClearPass EAP Auth Problems HP LaserJet Printer

Please see the HP 802.1x document here:

 

 http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c00731218-4.pdf

 

to see if it gives you some ideas on how the HP side should be configured.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: ClearPass EAP Auth Problems HP LaserJet Printer

Do you have your RADIUS certificate common name set for "Server ID"? Also, did you upload the root CA?

 

hp-printer.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: ClearPass EAP Auth Problems HP LaserJet Printer

Thanks Colin and Tim.  I went through the document and also verified I entered the cert name for the CPPM. Since it uses a GoDaddy cert I uploaded the GD root cert for CA in the HP printer web gui.  I also spent over an hour on the phone with HP support yesterday. Once I convinced them that I DIDN'T need help with the settings on the client, but I DID need help getting the printer to connect to wireless, they took a bunch of screen shots and are escalating the issue. While on the phone we also updated the firmware on the printer via the web gui, which turns out is more reliable and recommended over using the touch panel on the printer itself. I'm using an HP LaserJet Pro 400 M401dw with "Firmware Datecode" of 20150410.

 

Any other ideas while I wait for HP support to get back to me? I really DON'T want to have a 3rd SSID with PSK, but will if necessary.

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: ClearPass EAP Auth Problems HP LaserJet Printer

did you get any further with HP helpdesk?

 

it isn't a situation you want permanently, but with this error i usually add all authentication methods (EAP-PEAP / EAP-TLS / EAP-... / ... / ...) possible in the service to see if the printer perhaps uses something different then i expected.

New Contributor
Posts: 2
Registered: ‎12-16-2010

Re: ClearPass EAP Auth Problems HP LaserJet Printer

I get that same error as you if I try connecting using a local database user name and password.  

 

If I try and connect with Mac Auth ClearPass complains about the Password being empty which triggers the following error

 

MAC-AUTH: Password in request doesn't match username. Not attempting MAC authentication

 

I have tried populating the usename and password with the Mac address and no luck.

 

The error "Client does not support configured EAP methods" I get whether a Certificate is installed or not.  I started with the self signed Aruba Cert then when we got our signed Cert now I am unable to install the Public Cert from GoDaddy into the printer, the printer gives an invalid format error.  I have tried every format I can export.  It Says PEM/base 64 which is what I have tried numerous.   Not sure if there is a bit limit or encryption type limit.

 

If I change the VC to Mac Auth first I can get a valid Mac auth in ClearPass but 3 seconds later it gets a reject.  I really dont want my VC set to Mac Auth first so I put it back.  

 

Same Model of HP Printer have tried 3 different Firmwares currently using the same as you 20150410.

 

The 802.1X documentation on this printer is very limited.

 

Not sure if any info above is of any help I will be working on it all day tomorrow too if I figure it out I will post.

 

Tom

Contributor II
Posts: 143
Registered: ‎05-12-2010

Re: ClearPass EAP Auth Problems HP LaserJet Printer


Swack wrote:

I'm having problems getting an HP LaserJet Pro 400 Model M401dw to connect to my ClearPass-enabled SSID using 802.1x.  I set the printer to use EAP-PEAP with WPA2-Enterprise and I see it attempting to authenticate against ClearPass, but the Access Tracker shows Authentication Method of "EAP" and gives the following alerts:

Error Code:
9015
Error Category:
RADIUS protocol
Error Message:
Client does not support configured EAP methods
 Alerts for this Request  
Policy serverFailed to get value for attributes=[Owner]
RADIUSEAP: Client doesn't support configured EAP methods

I'm trying to get help from HP Support, or at least the folks that sold us the printers, but I'm looking for other ideas from fellow Airheads.  Help appreciated.



Swack,

 

Did you ever get this resolved? ]

 

I am running into the same issue with an HP printer & CPPM.

 

Thanks,

Bruce Osborne

Liberty University

Bruce Osborne - Wireless Engineer
ACCP
Contributor II
Posts: 143
Registered: ‎05-12-2010

Re: ClearPass EAP Auth Problems HP LaserJet Printer

[ Edited ]

Sorry for replying to my own post, but I got PEAP working.

If you leave the Server Name blank, the printer accepts any certificate from the uploaded Root CA chain. Apparently, one of my coworkers had typoed our server name on the printer, causing the EAP error.

Bruce Osborne - Wireless Engineer
ACCP
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: ClearPass EAP Auth Problems HP LaserJet Printer

Bruce,

 

Any instructions on the format and method you used to upload the Root cert would be appreciated.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 143
Registered: ‎05-12-2010

Re: ClearPass EAP Auth Problems HP LaserJet Printer

I did it using the WenUI on an unauthenticated VLAN, but it might be possible to configure the printer using the HP Web JetAdmin printer management software.

I am starting to look at that free software now.

 

Colin,

Any tips on how to get AirPrint working with a wired printer?

Bruce Osborne - Wireless Engineer
ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: