Security

Reply
Highlighted
New Contributor

Password expiration/change prompt on PEAP-MSCHAPv2 challenge

When authenticating via PEAP-MSCHAPv2 to Clearpass Policy Manager and authenticating via LDAP, when the password changes in LDAP, the user is not told that their password is incorrect and is not asked to retry. Instead the authentication simply fails. On Windows 10 1709 the response is "Can't connect to this network". Authentication also fails on MacOS 10.13.3 with no prompt to retype the password.

 

The only known fix is to remove the network profile on the client completely.

 

A similar issue is outlined here: https://github.com/FreeRADIUS/freeradius-server/issues/1762

 

Is there a certain configuration that would re-prompt for an updated challenge? Is this expected behavior?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: