10-08-2015 10:23 AM
i'm testing CPPM 6.5 onboarding with the provided templates (3 services).
Andirod and iOS worked find as using EAP-TLS.
But the windows mechine failed the second RADIUS authentication after provisioning. QuickConnect uses PEAP and MSCHAPv2 for windows and CPPM didn't choose [onboard device repository] as the authentication source although it has been configured in the service. Instead, it uses the AD with the unique credential, 'username:26:OnboardDevice' as full username in my case, and it fails...
RADIUS return Err 216.
|RADIUS||MSCHAP: AD status:Logon failure (0xc000006d)|
MSCHAP: AD status:Logon failure (0xc000006d)
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure
on the onboard side, i've seen the device been onboarded and cert has been issued.
anyone has the similar problem and know how to solve this?
Solved! Go to Solution.
10-08-2015 10:28 AM
10-08-2015 10:37 AM
Windows 7 Service Pack 1
it's recognized correctly on the onborad side.
but it show
on the policy manger side.
10-08-2015 10:57 AM
i think the unique credential option - PEAP for windows is the default configure.
when i changed it to TLS, it works fine.because it always hit the first enforcement conditions, which just check the authentication method.
below is my 802.1x service configure, which is pretty much the default.
anyway, PEAP should work as well...
10-08-2015 11:13 AM - edited 10-08-2015 11:15 AM
Can you post a screenshot of the access tracker request tabs?
10-08-2015 11:23 AM
10-08-2015 11:35 AM
yep! it works without the strip username rules.
it's just a testing environment but it's good to know the trick.
would this be improved in the future release?
anyway, thank you Tim for your help and quick response!!
10-08-2015 11:39 AM