Ok - finally getting some time to look at this - SELinux was not installed - I did install it - but still am not having any luck getting the VIA client to connect. It connects for about 2 seconds and then disconnects - sometimes it doesn't even show up on the Clearpass server - it's awesome - but anyway - here's the logs from a connection:
Request log details for session: R00000dce-01-531a2d88
Time Message
2014-03-07 13:35:20,533 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 255:164:xx.xx.xx.xx
2014-03-07 13:35:20,533 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
2014-03-07 13:35:20,538 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7699 h=79 r=R00000dce-01-531a2d88] INFO Core.ServiceReqHandler - Service classification result = VIAVpn-TLS
2014-03-07 13:35:20,539 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "VIAVpn-TLS"
2014-03-07 13:35:20,539 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_sql: searching for user username in Local:localhost
2014-03-07 13:35:20,539 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: searching for user username in AD:dcname.domain.local
2014-03-07 13:35:20,541 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: found user username in AD:dcname.domain.local
2014-03-07 13:35:20,541 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: authenticating "username"
2014-03-07 13:35:25,551 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: user username authenticated succesfully
2014-03-07 13:35:25,551 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.
2014-03-07 13:35:25,551 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] WARN Common.MacAddrAttrProvider - HostMac missing, not populating different mac representations
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrTableUtil - buildTagAttrTableInput: Connection:Client-Mac-Address is not found
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3001 entity id = 29
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3001
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3001|entityId=29
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3001|entity=Device
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)
2014-03-07 13:35:25,555 [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
2014-03-07 13:35:25,556 [RequestHandler-1-0x7f3304761700 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***
2014-03-07 13:35:25,556 [RequestHandler-1-0x7f3304761700 h=62149 c=R00000dce-01-531a2d88] WARN REC.EvaluatorCtx - Prerequisites set is empty, not populating the Request Map
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Onboard:Owner})(objectClass=user)), error=No values for param=Onboard:Owner
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Onboard:Owner})(objectClass=user))
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
2014-03-07 13:35:25,557 [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem]
2014-03-07 13:35:25,558 [RequestHandler-1-0x7f3304761700 h=62150 c=R00000dce-01-531a2d88] INFO Core.PETaskRoleMapping - Roles: User Authenticated]
2014-03-07 13:35:25,559 [RequestHandler-1-0x7f3304761700 h=62153 c=R00000dce-01-531a2d88] INFO Core.PETaskEnforcement - EnfProfiles: Allow Access Profile]
2014-03-07 13:35:25,559 [RequestHandler-1-0x7f3304761700 h=62158 c=R00000dce-01-531a2d88] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
2014-03-07 13:35:25,559 [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - No client macaddress found in the request
2014-03-07 13:35:25,559 [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
2014-03-07 13:35:25,560 [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - No client key found for session lookup
2014-03-07 13:35:25,560 [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
2014-03-07 13:35:25,560 [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=ACCEPT
2014-03-07 13:35:25,560 [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Allow Access Profile]
2014-03-07 13:35:25,560 [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0
2014-03-07 13:35:25,561 [RequestHandler-1-0x7f3304761700 h=62159 c=R00000dce-01-531a2d88] INFO Core.PETaskCliEnforcement - startHandler: No commands for CLI enforcement
2014-03-07 13:35:25,564 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Received Accept Enforcement Profile
2014-03-07 13:35:25,564 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Added Class attribute with value Class = 0xf65c0316a22d463186d437b695b78a11bd0b0000000000005230303030306463652d30312d35333161326438380000000000000000000000
2014-03-07 13:35:25,564 [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response
2014-03-07 13:35:25,564 [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs
2014-03-07 13:35:25,564 [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2014-03-07 13:35:25,564 [RequestHandler-1-0x7f3304761700 h=62160 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2014-03-07 13:35:25,564 [RequestHandler-1-0x7f3304761700 r=R00000dce-01-531a2d88 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***
Not sure why it's not working - but I do see the message about HostMac missing, not populating different mac representations and wonder if when I manually created the cert on the ClearPass server if I did something wrong. The only mac that I included on the certificate with the wireless one and it looks like I really need both of them.
any thoughts, help or solutions are greatfully appreciated.
Lirria