Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6

This thread has been viewed 10 times

  • 1.  Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6

    Posted Oct 07, 2016 12:58 AM

    Hi,

     

    I am having an issue with CP 6.6 around EAP TLS. below is a log from the client, the only method of connection configured under the service is EAP-TLS, when using EAP PEAP and the clients credintials everything authenicates perfectly against AD.

     

    The Client has been setup to use EAP TLS as a manually connection with computer authenication. I have tested on mutliple windows 7 PC and the same issue. has anyone seen anything similar before?

     

     

    2016-10-07 15:28:17,723[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 69:330:c4-d9-87-da-a5-8e
    2016-10-07 15:28:17,725[RequestHandler-1-0x7f4854be5700 r=psauto-1474263806-2582 h=223 r=R00000509-01-57f72461] INFO Core.ServiceReqHandler - Service classification result = ASNSW-EAP-TLS
    2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - Service Categorization time = 1 ms
    2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "Test-EAP-TLS"
    2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_ldap: searching for user host/CNU4238VC8.******.au in AD:ABCZHQ-DC-01.******.au
    2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_ldap: found user host/CNU4238VC8.******.au in AD:ABCZHQ-DC-01.*******.au
    2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - LDAP/AD User lookup time = 8 ms
    2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_eap_tls: Initiate
    2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 69:88:c4-d9-87-da-a5-8e:ABYABwAwAKeqKAAAt77YOwPSnVgtqdsSIYX/3w==
    2016-10-07 15:28:17,736[Th 42 Req 10411 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Test-EAP-TLS" - 70:337:c4-d9-87-da-a5-8e
    2016-10-07 15:28:17,736[Th 42 Req 10411 SessId R00000509-01-57f72461] ERROR RadiusServer.Radius - rlm_eap: Client doesn't support any method that we require. Rejecting client.

    Regards,

     

    Marc



  • 2.  RE: Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6
    Best Answer

    EMPLOYEE
    Posted Oct 07, 2016 06:55 AM

    1.  What CA issued the client certificate?  Does ClearPass have a copy of the CA certificate in trusted certificates?

    2.  Do you have an EAP-TLS authentication method enabled in your service on ClearPass?  If yes, you should uncheck everything in that EAP-TLS authentication method until you have it working.

     



  • 3.  RE: Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6
    Best Answer

    Posted Oct 16, 2016 05:26 PM

    Hi Colin,

     

     Thanks for your resposne, It is resolved. It was an issue with thier CA and the Certificates pushed out to the users.

     

    Regards,

     

    Marc