Windows XP clients with valid machine certificates can't authenticate via 802.1x to Clearpass. Windows 7 clients with the same configuration (that I can tell) can connect and authenticate via 802.1x to Clearpass. I do not see any logs on Clearpass when the XP clients try to connect to the SSID and with a wireshark capture I see an EAP Failure with Code #4. Any thoughts or ideas on why the XP clients can't connect/authenticate in this method?
I would like to add this screenshot from the wireshark capture. The first group of EAP messages is between the client and the IAP (VPN) and the second is between the same client and our Campus AP. The campus AP is also WPA2-Enterprise using 802.1x via AD not clearpass. Looks like there is a key exchange that doesn't happen with the IAP setup.
Hey Victor long time no talk. This is Chris Shopp from Carestream!
This is EAP-TLS using the machine certificate issued by our ICA. Logs are attached and scrubbed, so the x.x.x.x is an actual IP and the username is an actual username.
This is an IAP with IPSEC tunneling to the controller (over the internet) Pre-shared keys are good to go and Windows 7 machines authenticate with no problem. We are not using Clearpass to authenticate Campus SSIDs (we are using AD only).
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.