So I've watched Herman's videos on this, as well as followed the instructions here: [Tutorial] - Clearpass Authentication using EAP-TEAP (EAP-Chaining) | Security (arubanetworks.com)
But I am having the hardest time getting TEAP working.
A few things on my setup:
- We already use EAP-TLS today with user and machine certs being pushed from SCEPman. Laptops joined to InTune. Everything works here. User cert passes the correct information as well as machine.
- We are Intune joined and have the v5 connector set up
- Running 6.10.8
I have my supplicant set up using the instructions in the link above. Except for my method 1 and 2, I choose "smart card or cert" as we have certs on these machines.
After configuring my laptop manually for TEAP, it will not connect. Access tracker still shows that it is trying to pass both "anonymous" as a username, as well as the name of the machine. Here are some screenshots:
These are the logs typically coming through when I try to connect.
Here's a log from one of the timeouts: I see it tries to lookup 'anonymous' in AD, which I don't want it to do. I saw someone mention using an enforcement profile to be able to retrieve the actual username being passed, but I haven't had much luck in that...is there a way to query for that username before authentication even tries to occur?
2023-03-04 20:42:40,413 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 181:189:04EA5669411E
2023-03-04 20:42:40,416 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - Service Categorization time = 3 ms
2023-03-04 20:42:40,416 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service"
2023-03-04 20:42:40,416 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831939 h=223 r=R00053e89-03-640401a0] INFO Core.ServiceReqHandler - Service classification result = TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service
2023-03-04 20:42:40,417 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_ldap: searching for user anonymous in AD:172.x.x.x.
2023-03-04 20:42:40,417 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_ldap: searching for user anonymous in AD:172.x.x.x
2023-03-04 20:42:40,418 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_sql: searching for user anonymous in Local:localhost
2023-03-04 20:42:40,418 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_sql: found user anonymous in Local:localhost
2023-03-04 20:42:40,418 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - SQL User lookup time = 0 ms
2023-03-04 20:42:40,418 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_eap_tls: Initiate
2023-03-04 20:42:40,418 [Th 3424 Req 3775419 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 181:88:04EA5669411E:ALMAVgB8AEe7mzkA8M3T3YU57lcQc1GVwTttSQ==
2023-03-04 20:42:40,421 [Th 3423 Req 3775420 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 189:223:04EA5669411E
2023-03-04 20:42:40,422 [Th 3423 Req 3775420 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_eap_teap: Initiate
2023-03-04 20:42:40,422 [Th 3423 Req 3775420 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 189:88:04EA5669411E:AEcAbQC3ACK8mzkAD7ZckUuftiZgMb0WpYoIVA==
2023-03-04 20:42:40,425 [Th 3426 Req 3775421 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 46:376:04EA5669411E
2023-03-04 20:42:40,426 [Th 3426 Req 3775421 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read client key exchange A
2023-03-04 20:42:40,426 [Th 3426 Req 3775421 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read client key exchange A
2023-03-04 20:42:40,426 [Th 3426 Req 3775421 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 46:1124:04EA5669411E:AAkAOwBCALe9mzkA3O20OAInRCa+gj1T3m5X+A==
2023-03-04 20:42:40,433 [Th 3425 Req 3775422 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 237:223:04EA5669411E
2023-03-04 20:42:40,433 [Th 3425 Req 3775422 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 237:1120:04EA5669411E:ACkAiQB5AIy+mzkA5PT+QEve1o3kWOcvnMSE/Q==
2023-03-04 20:42:40,439 [Th 3429 Req 3775423 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 52:223:04EA5669411E
2023-03-04 20:42:40,439 [Th 3429 Req 3775423 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 52:1120:04EA5669411E:AOAAFwDkAN6/mzkAHizoF1iikDk5pmNy0246tQ==
2023-03-04 20:42:40,446 [Th 3427 Req 3775424 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 58:223:04EA5669411E
2023-03-04 20:42:40,446 [Th 3427 Req 3775424 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 58:1120:04EA5669411E:AFMACgCWAKzAmzkACXmCA5jGjwKPjj6KLIR0ig==
2023-03-04 20:42:40,453 [Th 3428 Req 3775425 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 229:223:04EA5669411E
2023-03-04 20:42:40,453 [Th 3428 Req 3775425 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 229:1120:04EA5669411E:AHMAnwDMAL7BmzkAX66/8j9yDuAEtydUfRjGGA==
2023-03-04 20:42:40,459 [Th 3424 Req 3775426 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 200:223:04EA5669411E
2023-03-04 20:42:40,460 [Th 3424 Req 3775426 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 200:1096:04EA5669411E:ADQAuABOACzCmzkA/p5F0wpubG3Ip6bKK0pMQw==
2023-03-04 20:42:40,469 [Th 3423 Req 3775427 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "TEAP_TEST_Cert_Device_InTune_Aruba 802.1X Wireless Service" - 63:349:04EA5669411E
2023-03-04 20:42:40,469 [Th 3423 Req 3775427 SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 63:330:04EA5669411E:AKQAwQDWANjDmzkAku+MhCLot8HwOz2bp6E+sw==
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00053e89-03-640401a0, state - AKQAwQDWANjDmzkAku+MhCLot8HwOz2bp6E+sw=
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 181:189:88:04EA5669411E recv 1677984160.413057 - resp 1677984160.418760
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 189:223:88:04EA5669411E recv 1677984160.421763 - resp 1677984160.422113
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 46:376:1124:04EA5669411E recv 1677984160.425500 - resp 1677984160.426946
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 237:223:1120:04EA5669411E recv 1677984160.433115 - resp 1677984160.433418
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 52:223:1120:04EA5669411E recv 1677984160.439585 - resp 1677984160.439891
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 58:223:1120:04EA5669411E recv 1677984160.446575 - resp 1677984160.446872
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 229:223:1120:04EA5669411E recv 1677984160.453218 - resp 1677984160.453553
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 200:223:1096:04EA5669411E recv 1677984160.459838 - resp 1677984160.460142
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] ERROR RadiusServer.Radius - reqst_clean_list: Packet 63:349:330:04EA5669411E recv 1677984160.468916 - resp 1677984160.469535
2023-03-04 20:43:28,550 [main SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO Common.EndpointTable - Returning EndpointSPtr for macAddr 04ea5669411e
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3005 entity id = 29
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3005
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3005|entityId=29
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3005|entity=Device
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 r=psauto-1676955249-831952 h=239 r=R00053e89-03-640401a0] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskAuthSourceRestriction **
2023-03-04 20:43:28,552 [RequestHandler-1-0x7ff4ba5d5700 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskRoleMapping **
2023-03-04 20:43:28,553 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskAuthSourceRestriction **
2023-03-04 20:43:28,553 [AuthReqThreadPool-31-0x7ff5c43e1700 r=R00053e89-03-640401a0 h=72] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{memberOf}), error=No values for param=memberOf
2023-03-04 20:43:28,553 [AuthReqThreadPool-31-0x7ff5c43e1700 r=R00053e89-03-640401a0 h=72] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{memberOf})
2023-03-04 20:43:28,553 [AuthReqThreadPool-31-0x7ff5c43e1700 r=R00053e89-03-640401a0 h=72] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2023-03-04 20:43:28,553 [AuthReqThreadPool-31-0x7ff5c43e1700 r=R00053e89-03-640401a0 h=72] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2023-03-04 20:43:28,553 [AuthReqThreadPool-31-0x7ff5c43e1700 r=R00053e89-03-640401a0 h=72] WARN Ldap.LdapQuery - Failed to get value for attributes=Account Expires, Department, Email, Phone, Title, company, groupName, hostDnsName, hostOperatingSystem, hostServicePack, memberOf]
2023-03-04 20:43:28,554 [RequestHandler-1-0x7ff4ba5d5700 h=6703857 c=R00053e89-03-640401a0] INFO Core.PETaskRoleMapping - Roles: Other]
2023-03-04 20:43:28,554 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskRoleMapping **
2023-03-04 20:43:28,554 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskPolicyResult **
2023-03-04 20:43:28,554 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskPolicyResult **
2023-03-04 20:43:28,554 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskEnforcement **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 h=6703860 c=R00053e89-03-640401a0] INFO Core.PETaskEnforcement - EnfProfiles: Deny Access Profile]
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskEnforcement **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskRadiusEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskRadiusCoAEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskAppEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskAgentEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskPostAuthEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskGenericEnfProfileBuilder **
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 h=6703866 c=R00053e89-03-640401a0] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 h=6703861 c=R00053e89-03-640401a0] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=DENY
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 h=6703861 c=R00053e89-03-640401a0] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Deny Access Profile]
2023-03-04 20:43:28,555 [RequestHandler-1-0x7ff4ba5d5700 h=6703861 c=R00053e89-03-640401a0] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskGenericEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskAgentEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskAppEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskCliEnforcement **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 h=6703867 c=R00053e89-03-640401a0] INFO Core.PETaskCliEnforcement - startHandler: Request rejected. Skip CLI enforcement
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskRadiusEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703862 c=R00053e89-03-640401a0] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703865 c=R00053e89-03-640401a0] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskCliEnforcement **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskRadiusCoAEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskPostAuthEnfProfileBuilder **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskAuthStatusInfo **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskOutputPolicyRes **
2023-03-04 20:43:28,556 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Starting PETaskSessionLog **
2023-03-04 20:43:28,559 [RequestHandler-1-0x7ff4ba5d5700 h=6703869 c=R00053e89-03-640401a0] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs
2023-03-04 20:43:28,559 [RequestHandler-1-0x7ff4ba5d5700 h=6703869 c=R00053e89-03-640401a0] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2023-03-04 20:43:28,559 [RequestHandler-1-0x7ff4ba5d5700 h=6703868 c=R00053e89-03-640401a0] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2023-03-04 20:43:28,560 [main SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - Policy Evaluation time = 10 ms
2023-03-04 20:43:28,560 [main SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_policy: Received Deny Enforcement Profile
2023-03-04 20:43:28,560 [main SessId R00053e89-03-640401a0] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response
2023-03-04 20:43:28,560 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskSessionLog **
2023-03-04 20:43:28,560 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskOutputPolicyRes **
2023-03-04 20:43:28,560 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - ** Completed PETaskAuthStatusInfo **
2023-03-04 20:43:28,560 [RequestHandler-1-0x7ff4ba5d5700 r=R00053e89-03-640401a0 h=6703855 c=R00053e89-03-640401a0] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***
And here's a log from the REJECT, where I can see it is trying to use both identities.
What makes this all frustrating is that I see people getting it to work...I just can't or am missing something. Plus my EAP-TLS environment works fine and processes everything normally. For example, I don't know why TEAP-MEthod-1-Username is showing like that...but in our regular EAP-TLS logs it is different.
I know this has been a lot of text and screenshots, and I do have a ticket open with TAC...but was hoping someone out there is in a similar spot and can maybe offer some advice.
Thanks!