Security

Reply
Contributor II
Posts: 42
Registered: ‎05-06-2013

EAP-PEAP: fatal alert by client - access_denied

Hello,

 

We have started experiencing an issue where some users are not able to log onto the wireless their access is rejected with the following error in the access tracker;

 

EAP-PEAP: fatal alert by client - access_denied

 

any ideas regarding what the cause maybe would be appreciated. 

 

cheers

 

Andy

Frequent Contributor II
Posts: 113
Registered: ‎11-27-2012

Re: EAP-PEAP: fatal alert by client - access_denied

Are these windows clients?

If so, you could check the client's Event log in the Security folder to see if you can get any more info. what you are looking for are Audit Failure entries.

-----------------------------------
-ACMX #352-
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: EAP-PEAP: fatal alert by client - access_denied

Hi, 

 

Can you let us know what version of CPPM you are running, what type of devices and OS version. 

How many clients are facing this issue and do we have any similarity between them ?

 

 what type of  server certificate you are using and is the ROOTCA is trusted on clients ?

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Contributor II
Posts: 42
Registered: ‎05-06-2013

Re: EAP-PEAP: fatal alert by client - access_denied

hi

 

the cppm version is 6.1.0.50820 and the clients are all Windows 7.

 

The server cert is a wildcard cert and signed by Thawte.

 

Again some stations/users can authenticate but not others. I dont have access to event logs etc at the minute.

 

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: EAP-PEAP: fatal alert by client - access_denied

Most likely the device doesn't trust the full chain or I have seen some windows devices do not like wild card certs you will need to search Microsoft's kb.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 42
Registered: ‎05-06-2013

Re: EAP-PEAP: fatal alert by client - access_denied

I tried setting the P-EAP setting to not validate the server cert and the behavior was the same.

 

Also I think all our windows builds are the same, except for the domain they originally logged onto (due to a merger of three separate businesses) but am waiting for confirmation of that.

 

 

Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: EAP-PEAP: fatal alert by client - access_denied

Saw the below response from a MSFT expert forum, 

 

http://technet.microsoft.com/en-US/cc730460

Sam Salhi [MSFT] (Expert):
Q:
 is it possible for me to use a 3rd party certificate with EAP server? Can I use wildcard certificates?
A: However, Wildcard certificates are not allowed

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Contributor II
Posts: 42
Registered: ‎05-06-2013

Re: EAP-PEAP: fatal alert by client - access_denied

thanks for that;

 

back to the drawing board...

 

Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: EAP-PEAP: fatal alert by client - access_denied

I don't think that's completely accurate.  I'm testing a new CPPM deployment right now, and I get this error when authenticating to an HP access point/controller.  Using the very same laptop to authenticate to an Aruba AP and controller works fine.  I am using a wildcard cert.

Search Airheads
Showing results for 
Search instead for 
Did you mean: