Security

Reply
Contributor I
Posts: 31
Registered: ‎02-08-2016

Clearpass Authentication TimeOut

Hello,

 

following failure message i receive from our radius:

Client did not complete EAP transaction

 

 

On live Monitoring Access Tracker i receive 2 Messages, i think this is correct:

One is for our Device: EAP-PEAP,EAP-TLS <- works !!

second is for our AD i think and here i get: Client did not complete EAP transaction !!

Always get a TIMEOUT !!!

 

An explanation why ??

I want that the user connect automatically to our Network and to the AD.

 

Thx

Salvatore

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Clearpass Authentication TimeOut

What OS is this client?  Client timeout is a generic error message.  The #1 reason is the radius server certificate is new or changed and the client did not click on accept, so the radius transaction was not completed.  We would need more details to explain why the error message is happening.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: Clearpass Authentication TimeOut

Hi,

 

we use Windows 7 clients.

I tried something, i disconnect the Wifi connection and connect it again and now i receive only EAP-PEAP authentication Method. Why ?

Where is my EAP-TLS authentification message ??

I do not change anything in the configuration.

 

THX

Salvatore

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Clearpass Authentication TimeOut

How is the client configured?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: Clearpass Authentication TimeOut

Hi,

 

  1. first in the security Settings i have set Microsoft EAP (PEAP).
    1. then Settings: check certificate , authenticationmethod: smartcard or other certificate.
    2. enter configure: use certificate on the Computer , use and check certificate.
  2. advanced settings: authentication method -> Computerauthentication.

hope you understand my configuration :-)

 

Under Clearpass Authentication Methods EAP-TLS there is written: Session Timeout 6 hours.

That meens, if i disconnect and connect in this 6 hours a few times, my Laptop (machine authentication) is not considered. Right ?? Only the AD Authentication will be considered.

 

Thx.

Salvatore

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Clearpass Authentication TimeOut

Does the Windows laptop have a client certificate in the computer store?  How was this certificate issued to the client?  Did it ever work?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: Clearpass Authentication TimeOut

Hi,

 

yes the client have installed the ROOT CA.

to prehistory: Friday i installed the certificate to clearpass.

There are 3 Certificates on CLearpass: Root CA , Intermediate CA, and Server CA.

Thenn i try to connect me a view times but it did not work.

 

Today i added the Certificates to the Trust List on ClearPass and changed the windows settings and it works. I think.

 

Thx

Salvatore

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Clearpass Authentication TimeOut

The Windows 7 client requires a client certificate for authentication which is separate from the RootCA, Intermediate CA and Server CA.  With your settings the client requires a client certificate in the computer store, not the user store.

 

Use the link here:  https://msdn.microsoft.com/en-us/library/ms788967(v=vs.110).aspx to see how to check for client certificates on your computer.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: Clearpass Authentication TimeOut

Hi,

 

yes i have i client certificate. There is separate from the RootCA, Intermediate CA and Server CA.

 

Thx

Salvatore

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Clearpass Authentication TimeOut

Who issued the client certificate and is it in the computer (machine) store?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: