Hi
Based on the description of your problem, try to check the 802.1x profiles for the machine authentication and compare them with the working 802.1x profile for the user authentication.
Most likely you have an issue in the machine authentication profile with the certificate trust or the name in the certificate.
This certificate causes the clients to not trust the Radius certificate, and they don't continue the authentication.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Apr 22, 2024 03:14 AM
From: Jdayar
Subject: Machine Authentication Issue - Radius 9002
Hi
I had a successful POC with a client where machine auth was working, but the same setup, when replicated in production, is not working. The machine auth request times out with Radius 9002 code and Client could not complete EAP transaction.
I checked the logs, where there is no response from the NAS on the access challenge for 50 sec, resulting in the dropping of that session. However, from the same NAS, user auth is working fine on the same laptop. Since my policy needs to have both machine auth and user auth for specific role assignment, I want the machine auth to work.
I have searched the forum for all previous discussions on this error code etc. Nothing helpful could be found. In the POC I used a wildcard cert for Radius auth btw, which was switched to internal cert after I faced this issue based on some forum discussion. The new cert is not wildcard.
2024-04-21 17:55:00,848 | [Th 80 Req 660 SessId R00000049-01-662528c4] INFO RadiusServer.Radius - rlm_eap_mschapv2: Issuing Challenge |
2024-04-21 17:55:00,849 | [Th 80 Req 660 SessId R00000049-01-662528c4] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 238:162:A080691FAAD1:AO4AVACOAIGUAgAA/MSh7tm5pJckwKkpmwCi1g== |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000049-01-662528c4, state - AO4AVACOAIGUAgAA/MSh7tm5pJckwKkpmwCi1g= |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 231:234:131:A080691FAAD1 recv 1713711300.776859 - resp 1713711300.783835 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 232:254:88:A080691FAAD1 recv 1713711300.789538 - resp 1713711300.790858 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 233:511:1124:A080691FAAD1 recv 1713711300.799473 - resp 1713711300.804508 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 234:254:1120:A080691FAAD1 recv 1713711300.812569 - resp 1713711300.813771 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 235:254:789:A080691FAAD1 recv 1713711300.822085 - resp 1713711300.823176 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 236:384:139:A080691FAAD1 recv 1713711300.832678 - resp 1713711300.834210 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 237:254:122:A080691FAAD1 recv 1713711300.842318 - resp 1713711300.843246 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 238:307:162:A080691FAAD1 recv 1713711300.847833 - resp 1713711300.849257 |
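
Added example, not part of the original posts: a short Python parser for the log format shown above that measures how fast the server answered each packet and how long the client stayed silent between the last Access-Challenge and the session deletion. The sample lines are copied from the post's log; treating the first number after `Packet` as the packet identifier is an assumption.

```python
import re
from datetime import datetime

# Subset of the log lines from the post above (not the full session).
SAMPLE = """\
2024-04-21 17:55:00,849 | [Th 80 Req 660 SessId R00000049-01-662528c4] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 238:162:A080691FAAD1:AO4AVACOAIGUAgAA/MSh7tm5pJckwKkpmwCi1g== |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000049-01-662528c4, state - AO4AVACOAIGUAgAA/MSh7tm5pJckwKkpmwCi1g= |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 237:254:122:A080691FAAD1 recv 1713711300.842318 - resp 1713711300.843246 |
2024-04-21 17:55:51,902 | [main SessId R00000049-01-662528c4] ERROR RadiusServer.Radius - reqst_clean_list: Packet 238:307:162:A080691FAAD1 recv 1713711300.847833 - resp 1713711300.849257 |
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \|")
SESS = re.compile(r"SessId (\S+?)\]")
# Assumption: the first field after "Packet" is the packet identifier.
PKT = re.compile(r"Packet (\d+):\S+ recv (\d+\.\d+) - resp (\d+\.\d+)")


def analyze(log_text):
    """Per session: EAP rounds seen, slowest server reply, client silence."""
    sessions = {}
    for line in log_text.splitlines():
        ts, sess = TS.search(line), SESS.search(line)
        if not (ts and sess):
            continue  # not a line in the expected format
        when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S,%f")
        s = sessions.setdefault(
            sess.group(1), {"challenge": None, "deleted": None, "latency": {}})
        if "Access-Challenge" in line:
            s["challenge"] = when          # last challenge sent to the NAS
        elif "Deleting request sessid" in line:
            s["deleted"] = when            # server gave up on the session
        elif (p := PKT.search(line)):
            # Server-side handling time: response time minus receive time.
            s["latency"][int(p.group(1))] = float(p.group(3)) - float(p.group(2))
    report = {}
    for sid, s in sessions.items():
        silence = None
        if s["challenge"] and s["deleted"]:
            silence = (s["deleted"] - s["challenge"]).total_seconds()
        report[sid] = {
            "rounds": len(s["latency"]),
            "max_server_latency": max(s["latency"].values(), default=0.0),
            "client_silence": silence,
        }
    return report


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Millisecond server latency combined with a client silence of roughly 51 seconds places the stall on the supplicant side of the exchange, which is where the certificate trust and name checks suggested in the reply take place.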