Hi all,
I have a CPPM 6.2 installation currently working nicely, just doing 802.1x with PEAP-MSCHAPv2 authentication against AD.
The server has a public certificate installed for terminating the RADIUS (Entrust).
I'd like to try and get a small group of devices onboarded, and I think I've got the setup fairly close to right. I am using a self-signed internal CA and have set up the provisioning profiles to connect using TLS.
The issue I'm having is when I try to onboard a Windows device: it successfully onboards, however when it switches over to the TLS authentication afterwards, it fails to log on with the following error in the access tracker. Anybody got any ideas where to start here?
My assumption is that the TLS authentication should be checked against the onboard repository and not the AD server?
RADIUS | [Onboard Devices Repository] - localhost: User not found. EAP-TLS: fatal alert by client - access_denied |