Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onguard testing

This thread has been viewed 0 times

  • 1.  Onguard testing

    Posted Jan 30, 2014 09:50 PM

    Hi there,

     

    I'm testing onboarding but keep getting this error:

     

    EAP-PEAP: fatal alert by client - access_denied

     

    Any suggestions what may be the cause or what I may not have configure corectly?

     

    Thanks.



  • 2.  RE: Onguard testing

    EMPLOYEE
    Posted Jan 30, 2014 09:52 PM
    We're going to need more information. What type of device
    CPPM version
    Do you have a publicly signed cert
    Etc

    The error you have means the client do sent trust the server cert


  • 3.  RE: Onguard testing

    Posted Jan 30, 2014 10:09 PM
    What type of device: laptop
    CPPM version: 6.2.4.55896
    Do you have a publicly signed cert: yes we do.


    We have 2 SSIDs, Nexus (for guest) and Kumul (for staff)

    When I try to onboard someone this is what happens.


    1. Connect to Nexus SSID.

    2. Download quick connect app.

    3. Run the app.

    4. Enter credentials.

    5. Message on the app: Configuring your system….your system has been successfully configured...you can connect to the secure network Kumul or click Finish to exit.

    6. A) I click connect and get the message: authentication in progress (on the app) + pop up message on windows “additional information is needed to kumul”
    After a little while message on app is: could not authenticate with wireless network and then another message says: Error, quick connect encountered an error condition. The log for your configuration session can be found here(refer attached).

    B) If I just finish and then later click on ssid Kumul, I get msg: Network Authentication, please enter user credentials.

    I. When user credentials entered

    II. Pop up message: windows was unable to connect to Kumul

    ***On CPPM, I see the device under: Identity>Onboard devices
    Under live monitoring>Access tracker, login has been rejected, Alert for this request: EAP-PEAP: fatal alert by client - access_denied. (this is a new laptop Im trying to onboard, on my laptop, I deleted the installed certificates but issue still exists)





    Remigius Ketoma

    Graduate Network Engineer | Information Technology | Telikom PNG Limited

    d: +675 3005102 | m: +675 77583257 | f: +675 3259590 | e: remigius.ketoma@telikompng.com.pg



    [cid:image09c613.JPG@4e6ec3db.49991bc4]

    [cid:image926c7c.GIF@2d2a80c3.4db3a4e1]Please consider the environment before printing this email message.



















































    This e-mail and any attachments may contain confidential and
    privileged information. If you are not the intended recipient,
    please notify the sender immediately by return e-mail, delete this
    e-mail and destroy any copies. Any dissemination or use of this
    information by a person other than the intended recipient is
    unauthorized and may be illegal.


  • 4.  RE: Onguard testing

    EMPLOYEE
    Posted Jan 30, 2014 10:21 PM

    Ok so Im a little confused here.

     

    Are you onboarding and or using quick connect?

     

    If your onboarding are you handing out a TLS cert or just doing PEAP. 

     

    If its just PEAP you might just have a trust issue since you are using a publicly signed cert. You will need to either combine the cert with the root and intermediate like Pic 1 or you need to just add all the certs in the trust settings in pic 2

     

    crt1.png

     

    crt2.png