Hi all.
I have a huge problem when authenticating Wyse Thin Clients to my network using Clearpass as a Radius server and Cisco as a switch. First I'm not able to use EAP-PEAP / TLS because Wyse need to get a configuration before it can do EAP-PEAP / TLS so the only choice is to use MAC autentication, but that doesn't work neighter because Wyse doesn't send MAC address on both username and password, only username so I get error "MAC_AUTH: No password in request. Not attempting MAC authentication".
So I tried to use Authorization service, I just changed service to Radius:IETF NAS-Port_type EQUALS Ethernet and Radius:IETF Service-Type BELONGS_TO Login-User, Framed-USer, Authenticate-Only and using Endpoint database as an authorization source (yes they are profiled) and just a basic Enforcement policy like "Authorization:Sources EQUALS [Endpoints Reposity] Role Allow Access.
Now that works, Clearpass says Login Status ACCEPT but now Cisco Switch puts these clients to "Fail VLAN (VLAN 11) " even they are accepted by Clearpass. I have even made enforcement profile with Radius:IETF Tunnel-Private-Group-Id = 10 and it doensn't work. I also have a profile for laptops (EAP-TLS) using same switch and switch settings and when they are successfully authenticated with enforcement profile "allow access" they go to a correct VLAN (VLAN10) so it's not about switch configurations.
Can anyone help me? Thx.