Thank you for the suggestion. Upon closer inspection, it turned out that there was no User Certificate being pushed down to the test client PC, due to the Active Directory OU in which the PC resided. After moving the PC into the correct OU, and doing a GPO update, the User Certificate was then applied, and 802.1x authentication is working for both Computer and User Authentication.
Original Message:
Sent: Nov 30, 2024 03:43 AM
From: OS66
Subject: 802.1x Failing After User Login
Hello gmann101, please check whether a user certificate is present there. After you clarify this, change the adapter setting to user authentication, see what happens, and provide a screenshot.
Original Message:
Sent: Nov 29, 2024 08:08 PM
From: gmann101
Subject: 802.1x Failing After User Login
OS66 - I checked for local computer certificates, and there is one there. I also disabled the GPO for this machine, and manually went into the NIC adapter setting and changed the setting for authentication mode to "Computer Authentication" only. Following this, I re-started, and signed back into the PC, and was not disconnected thereafter.
So machine authentication appears to work, but not user authentication. What might the next step be to troubleshoot this further?
Original Message:
Sent: Nov 28, 2024 01:21 AM
From: OS66
Subject: 802.1x Failing After User Login
Hello gmann101, what we see is that, for whatever reason, the machine does not propagate the username. That's why it does not trigger the dot1x service. Personally, I would check whether there is a user cert on the machine under the user's personal certificates. If it is there, as a next step I would change the adapter setting to user authentication only and check how it goes.
Original Message:
Sent: Nov 27, 2024 07:21 PM
From: gmann101
Subject: 802.1x Failing After User Login
Herman, I took a look at the Input Tab for the failed request, and I show the following Computed attributes:
I see that the username is being computed as a MAC address, which does not look right to me. Could this be an issue with how CPPM is fetching attributes from within Active Directory?
Under my Authentication Source for AD, I show the following query set:
Original Message:
Sent: Nov 27, 2024 03:41 AM
From: Herman Robers
Subject: 802.1x Failing After User Login
Failed to classify request to service means that there was no matching Service in ClearPass for that request.
The Input tab for the failing request may show the request attributes; from there you could check your service matches to find out why there is no match. It may be that your client doesn't have a client certificate for user authentication, or isn't configured correctly to find the client certificate for user authentication, and Windows drops back to unauthenticated access which then attempts MAC authentication from the switch.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Nov 26, 2024 05:30 PM
From: gmann101
Subject: 802.1x Failing After User Login
Hi everyone. I am encountering an issue where a PC is failing 802.1x authentication once a test user signs into it. According to the access tracker, the PC passes the EAP TLS authentication, and the correct cert is being pushed down to the machine via Group Policy, but once a user has signed in, I immediately see a REJECT message.
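Added example, not part of the thread or written by any of its participants: a PowerShell check for the condition the thread converged on, a signed-in user with no usable certificate for user authentication. It assumes it is run in the test user's own session, that the certificate is expected in the user's personal store (`Cert:\CurrentUser\My`), and that it should carry the Client Authentication EKU.

```powershell
# Added example: lists certificates in the signed-in user's personal store and
# flags whether any of them is usable for EAP-TLS user authentication.
# Run it in the test user's session, not from another account's elevated shell.

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

$results = Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    # Collect the EKU OIDs; the filter drops a null entry if the list is missing
    $ekuOids = @($_.EnhancedKeyUsageList |
                 Where-Object { $_ } |
                 ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Subject       = $_.Subject
        Issuer        = $_.Issuer
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        InValidity    = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
        # A certificate without an EKU extension is not restricted by purpose
        ClientAuth    = ($ekuOids.Count -eq 0 -or $ekuOids -contains $clientAuthOid)
    }
}

$results | Format-Table -AutoSize

$usable = @($results | Where-Object {
    $_.HasPrivateKey -and $_.InValidity -and $_.ClientAuth
})

if ($usable.Count -eq 0) {
    Write-Warning 'No usable user certificate in Cert:\CurrentUser\My.'
    # Show which user-scope GPOs were applied, to compare with the policy
    # that is expected to deliver the certificate.
    gpresult /r /scope user
} else {
    Write-Output "Usable user certificates found: $($usable.Count)"
}
```

An empty table together with the warning matches the situation described in the resolution, where the computer certificate was present but no user certificate had been delivered.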