Security

Reply
New Contributor

Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6

Hi,

 

I am having an issue with CP 6.6 around EAP TLS. below is a log from the client, the only method of connection configured under the service is EAP-TLS, when using EAP PEAP and the clients credintials everything authenicates perfectly against AD.

 

The Client has been setup to use EAP TLS as a manually connection with computer authenication. I have tested on mutliple windows 7 PC and the same issue. has anyone seen anything similar before?

 

 

2016-10-07 15:28:17,723[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 69:330:c4-d9-87-da-a5-8e
2016-10-07 15:28:17,725[RequestHandler-1-0x7f4854be5700 r=psauto-1474263806-2582 h=223 r=R00000509-01-57f72461] INFO Core.ServiceReqHandler - Service classification result = ASNSW-EAP-TLS
2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - Service Categorization time = 1 ms
2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "Test-EAP-TLS"
2016-10-07 15:28:17,726[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_ldap: searching for user host/CNU4238VC8.******.au in AD:ABCZHQ-DC-01.******.au
2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_ldap: found user host/CNU4238VC8.******.au in AD:ABCZHQ-DC-01.*******.au
2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - LDAP/AD User lookup time = 8 ms
2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_eap_tls: Initiate
2016-10-07 15:28:17,734[Th 41 Req 10410 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 69:88:c4-d9-87-da-a5-8e:ABYABwAwAKeqKAAAt77YOwPSnVgtqdsSIYX/3w==
2016-10-07 15:28:17,736[Th 42 Req 10411 SessId R00000509-01-57f72461] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Test-EAP-TLS" - 70:337:c4-d9-87-da-a5-8e
2016-10-07 15:28:17,736[Th 42 Req 10411 SessId R00000509-01-57f72461] ERROR RadiusServer.Radius - rlm_eap: Client doesn't support any method that we require. Rejecting client.

Regards,

 

Marc

Guru Elite

Re: Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6

1.  What CA issued the client certificate?  Does ClearPass have a copy of the CA certificate in trusted certificates?

2.  Do you have an EAP-TLS authentication method enabled in your service on ClearPass?  If yes, you should uncheck everything in that EAP-TLS authentication method until you have it working.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Constantly getting EAP: Client doesn't support configured EAP methods in CP 6.6

Hi Colin,

 

 Thanks for your resposne, It is resolved. It was an issue with thier CA and the Certificates pushed out to the users.

 

Regards,

 

Marc

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: