Hello,
After upgrading ClearPass from 6.4.3 to 6.5.5, all EAP-PEAP authentications are failing, even for domain machines. While EAP-TLS is working. Here are some of the logs:
INFO RadiusServer.Radius - rlm_mschap: Domain corpdomain.com from User-Name does not match domain CORP from Object SID
INFO RadiusServer.Radius - rlm_mschap: authenticating user LP14$, domain corpdomain.com
INFO RadiusServer.Radius - rlm_mschap: user LP14$ authentication failed
ERROR RadiusServer.Radius - rlm_mschap: AD status:Access denied (0xc0000022)
ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
-----------------------------------------------------------------------------------------------------------------------
INFO RadiusServer.Radius - rlm_mschap: Using domain CORP from User-Name attribute
INFO RadiusServer.Radius - rlm_mschap: authenticating user username, domain CORP
INFO RadiusServer.Radius - rlm_mschap: user username, authentication failed
ERROR RadiusServer.Radius - rlm_mschap: AD status:Access denied (0xc0000022)
ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Tried to make Netbios name equal to domain name, enabling user-stripping, enabling always using Netbios name.. No luck
Any ideas?
Thanks