I have an 802.1X wireless configuration in ClearPass. CPPM is also joined to an AD server. When I do a RadiusAuth simulation with PAP, it passes. When done with MSCHAP, it fails. When I do an AAA test from the controller with PAP, it passes. When done with MSCHAPv2, it fails. The service is defined to allow the following authentication methods: 1. [EAP PEAP], 5. [CHAP], 6. [MSCHAP], 7. [EAP MSCHAPv2], 8. [PAP]. PAP and MSCHAP both work when using the Local Identity store in ClearPass.
CPPM is using a copy of the admin account with the same group memberships as the admin account. Bind is enabled.
The following is the output from the failed simulation attempt. It appears that ClearPass or AD is ignoring the attempt when MSCHAP is used and therefore the simulated client retries.
MS-CHAP-Challenge = 0x76fa9993c9e70ca0e386617751ae8f4d
MS-CHAP2-Response = 0x0000c377cf1c31962db7de4fe706179cd4f90000000000000000487590fae48582f35f8aa31dbda1225949e2ef6dddcdec89
Re-sending Access-Request of id 157 to 127.0.0.1 port 1812
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
User-Name = "xxx"
Auth-Simulation-Id = "de74147c-0689-4684-a7f9-c05663d62530"
MS-CHAP-Challenge = 0x76fa9993c9e70ca0e386617751ae8f4d
MS-CHAP2-Response = 0x0000c377cf1c31962db7de4fe706179cd4f90000000000000000487590fae48582f35f8aa31dbda1225949e2ef6dddcdec89
Re-sending Access-Request of id 157 to 127.0.0.1 port 1812
Any help with why MSCHAPv2 is failing would be appreciated.
Thanks.