Security

Reply
Highlighted
Occasional Contributor II

A user is not able to authenticate using 802.1x

I have a user who is not able to authenticate using 802.1x on ClearPass. He is able to logon to his computer and email using the same Activate Directory account but is not able to authenticate using ClearPass. He has tried on multiple devices and he still cannot authenticate. As far as I can see he is the only who has complained so out of a thousand users. Please see logs, I have removed some sensitive information from them.  

Aruba Employee

Re: A user is not able to authenticate using 802.1x

He is being denied by Policy which means the conditions defined under Enforcement Policy for him to get a role is not getting fulfilled. 

 

Check Access Tracker and compare why isn't he hitting any of your policies and being sent a [Deny Access Profile] else contact TAC for quicker resolution.

Occasional Contributor II

Re: A user is not able to authenticate using 802.1x

Thanks for the quick reply. I have already checked  Access Tracker and he shouldn't be denied according to the logic. He's account is in good standing, part of the OU that is been queried, and he inputting the right credentials in order to login.  

Aruba Employee

Re: A user is not able to authenticate using 802.1x

Credentials is not an issue as far as I see here.

 

If a simple/default allow access profile allows him then you can validate the same. You can create a service on top of your existing one for that user only to play with it. If required, use TAC

Contributor I

Re: A user is not able to authenticate using 802.1x

Screnshots of your role mapping/enforcement would be helpful.

But he's getting the roles [Other], [User Authenticated]

Based on what I see in your enforcement policy, that doesn't match any rule you have, so he'll get the default rule (Deny Access)

So you need to look in your input tab, at your authorization tab, see which OU clearpass sees, and make sure that is included in your role mapping

Chris Wickline | Network Engineer | York College of Pennsylvania
Occasional Contributor II

Re: A user is not able to authenticate using 802.1x

The user is now able to logon without changing anything on his part. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: