Is this for all devices? The block cipher pad message indicates that unsupported crypto algorithms are tried, like very old and insecure.
Could it be that you enabled FIPS mode on ClearPass?
This message seems not too common, I would recommend you to open a TAC support case to get it investigated.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Jan 04, 2021 11:42 AM
From: brahim abdelouahab
Subject: Clearpass : authentification failed, block cipher pad is wrong
Hello,
From time to time we have a failed 802.1x (authentication with locals users in clearpass)
Authentication method : EAP-GTC
Can you please identify the problem ?
Here is the log in clearpass :
| 2021-01-04 15:38:48,776 | [Th 23154 Req 98134906 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read finished A |
| 2021-01-04 15:38:48,776 | [Th 23154 Req 98134906 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read finished A |
| 2021-01-04 15:38:48,776 | [Th 23154 Req 98134906 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 240:230:8c-27-8a-04-f2-46:AEEA7ADbABt6a9kFIjs44DE7GfnWN1beNauzxQ== |
| 2021-01-04 15:38:48,797 | [Th 23160 Req 98134910 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Service Authentication 802.1X Globale" - 241:371:8c-27-8a-04-f2-46 |
| 2021-01-04 15:38:48,797 | [Th 23160 Req 98134910 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_eap_peap: Session established. |
| 2021-01-04 15:38:48,797 | [Th 23160 Req 98134910 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_eap_peap: Skipping Phase2 because of session resumption & fast reconnect. |
| 2021-01-04 15:38:48,797 | [Th 23160 Req 98134910 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 241:125:8c-27-8a-04-f2-46:AOoACAAwAIp+a9kFyqvpPugxTUiov/hjz+tqEQ== |
| 2021-01-04 15:39:19,473 | [Th 23152 Req 98135839 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Service Authentication 802.1X Globale" - 26:437:8c-27-8a-04-f2-46 |
| 2021-01-04 15:39:19,473 | [Th 23152 Req 98135839 SessId R01490e93-03-5ff32878] ERROR RadiusServer.Radius - TLS Alert write:fatal:decryption failed |
| 2021-01-04 15:39:19,473 | [Th 23152 Req 98135839 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_eap_tls: SSL_read Error |
| 2021-01-04 15:39:19,473 | [Th 23152 Req 98135839 SessId R01490e93-03-5ff32878] ERROR RadiusServer.Radius - rlm_eap_tls: rlm_eap_tls: failed in a system call (-1), TLS session fails. error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong |
| 2021-01-04 15:39:19,473 | [Th 23152 Req 98135839 SessId R01490e93-03-5ff32878] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation. |
| 2021-01-04 15:39:19,477 | [RequestHandler-1-0x7f08c93e9700 r=psauto-1595800274-43146222 h=655 r=R01490e93-03-5ff32878] INFO Common.EndpointTable - Returning NULL (EndpointPtr) for macAddr 8c278a04f246 |
Thank you,