Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Password expiration/change prompt on PEAP-MSCHAPv2 challenge

This thread has been viewed 1 times

  • 1.  Password expiration/change prompt on PEAP-MSCHAPv2 challenge

    Posted Mar 13, 2018 04:33 PM

    When authenticating via PEAP-MSCHAPv2 to Clearpass Policy Manager and authenticating via LDAP, when the password changes in LDAP, the user is not told that their password is incorrect and is not asked to retry. Instead the authentication simply fails. On Windows 10 1709 the response is "Can't connect to this network". Authentication also fails on MacOS 10.13.3 with no prompt to retype the password.

     

    The only known fix is to remove the network profile on the client completely.

     

    A similar issue is outlined here: https://github.com/FreeRADIUS/freeradius-server/issues/1762

     

    Is there a certain configuration that would re-prompt for an updated challenge? Is this expected behavior?



  • 2.  RE: Password expiration/change prompt on PEAP-MSCHAPv2 challenge

    Posted Feb 20, 2019 02:38 PM

    I see this is an old thread but was wondering if you ever resolved this either elsewhere on the community or what Aruba TAC?



  • 3.  RE: Password expiration/change prompt on PEAP-MSCHAPv2 challenge

    Posted Feb 20, 2019 02:54 PM
    Unfortunately we gave up trying and now work around it by removing and re-adding the profile on each machine.