05-08-2015 11:49 AM
So I'm working on just getting basic radius authentication working with Juniper's Junos Space product, where it has 3 protocol choices, PAP, CHAP, and MS-CHAPv2. I've pointed the box at ClearPass for authentication and Space indicates that is has a valid connection, but when I try to authenticate (using either local or AD accounts), I get errors.
If I'm using PAP or MS-CHAPv2, the error is "Cannot select appropriate authentication method" (the logs state "ERROR RadiusServer.Radius - rlm_auth_check: Auth-Type not set or authentication methods have not been configured. Rejecting it."), and if I'm using CHAP, the error is "CHAP: Clear text password not available"
Is the above an indication that Junos Space may not be passing the "Auth-Type" field in it's radius request?
I'm working with Juniper to get a copy of the raw radius request to look into what's going on but are there any thoughts on the Aruba side on what's going on here?
Solved! Go to Solution.
05-08-2015 11:53 AM - edited 05-08-2015 11:54 AM
The first message means that in your service, your service rules are too specific, or do not match your authentication, so your authentication request is classified incorrectly. What are the service rules under the service tab for your service?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
05-08-2015 11:53 AM
This is all we needed to get it working. NAS-ID is the server name.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
05-08-2015 12:15 PM
I figured out what the issue was. I had the authentication protocol set as "EAP MSCHAPv2" and Junos Space can't handle the EAP encapsulation. I noticed on cappalli's post that he was using MSCHAP as the auth protocol and enabled that protocol, and it then proceeded to work.