We have ClearPass 6.5.2, and occasionally have a user who cannot sign into our wireless network. Authentication to the network is done via 802.1x. ClearPass is bound to our Active Directory, as are the majority of our computers.
Sometimes CP and the AD Domain Controllers will say that a user's username or password is incorrect, but computers allow these users to sign on without a problem. Having the user change their password always resolves the issue, but it's annoying, and we don't see why a password that works for computers in an AD would break when CP tries to authenticate the user against the same AD. Here's the error ClearPass gives us:
MSCHAP: AD status:Logon failure (0xc000006d)
MSCHAP: AD status:Logon failure (0xc000006d)
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure
So far, there are only two things that seem consistent. We had this problem on our previous FreeRADIUS server that we replaced with ClearPass, meaning the two common threads are the FreeRADIUS software itself and the AD that we're using.
We're not sure where else to look for clues, and are hoping that the community has ideas. I haven't asked TAC yet because the issue seems very inconsistent and, when it happens to a user, we don't ask them to wait an unspecified length of time to get online while everyone around them is enjoying being online and we figure it out.
Please let me know if you want more information. I'm happy to answer questions. Thanks!
Matt