I just deployed a ClearPass VM wtih LDAP connectivity to a domain controller, TACACS server for network equipment to authenticate and Radius for everything else. For TACACS and Radius, I have policies setup to use the authentication source going back to my domain or against the LDAP source. I have been able to confirm that TACACS and radius will work with network and other types of devices. However, when I attempt to connect the controller up to ClearPass using the radius under Secuirty -> Authentication -> Servers -> Radius & RFC 3576 server, I am able to authenticate only if I allow mschap (not v2). The moment I remove mschap from the authentication methods, the controller is no loner able to authenticate.
Any suggestions of what I should look at to get EAP MSCHAPv2 to work?