Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass EAP-TLS Timeout _ Error code 9002 _ Client did not complete EAP Transaction

  • 1.  Clearpass EAP-TLS Timeout _ Error code 9002 _ Client did not complete EAP Transaction

    Posted May 16, 2019 09:14 AM

    Hi Guys,

     

    I installed ClearPass recently in my office and I am experimenting with 802.1x authentication.

    I am able to authenticate Users using EAP-TLS

    but I am not able to auth MACHINES using EAP-TLS.

     

    The machines and the ROOT-CA are in the same domain.

    I configured my ClearPass as a SubordinateCA.

     

    I am not 100% sure if I am doing it right.

     

    The machine TRUSTS the ROOT-CA and the radius.cert from the ClearPass.

     

    From the machine itself I entered CertSrv and asked for a 'Computer' (template) certificate, downloaded it and installed it for both 'user' and 'local machine' under the "Personal" folder.

     

    User auth - works great !

    Machine auth - not working with error 9002.

     

    I would really appreciate any help.

     

     

    Regards,

    Omri

     

    Edit:

    Forgot to add:

    I manually configured the Wireless adapter for EAP-TLS and I unchecked "verify the servers' identity".



  • 2.  RE: Clearpass EAP-TLS Timeout _ Error code 9002 _ Client did not complete EAP Transaction

    Posted May 17, 2019 11:57 AM

    You should ALWAYS validate the server. Otherwise, why use RADIUS, especially EAP-TLS, at all?

     

    The only time I've seen the timeout error (unable to complete transaction) is when the trust relationship with the computer and AD had been broken.

     

    A simple test would be to rejoin the computer to the domain.



  • 3.  RE: Clearpass EAP-TLS Timeout _ Error code 9002 _ Client did not complete EAP Transaction

    Posted May 17, 2019 12:53 PM
    Is this for wired or wireless?



  • 4.  RE: Clearpass EAP-TLS Timeout _ Error code 9002 _ Client did not complete EAP Transaction

    Posted May 17, 2019 01:57 PM
    With EAP-TLS there is no need to join ClearPass to the domain.

    In most cases with this error (9002) the client is not correctly configured. You have already disabled validation so that is not an issue. Maybe the client can’t use the certificate you installed. Have you checked the event logs at the client?
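
One way to run the client-side checks raised in the replies above, as an added example that is not part of any post in this thread. It assumes a Windows client and an elevated PowerShell session; the function name `Test-EapTlsCandidate` is hypothetical, and the chain check is a local sanity check only, not what ClearPass evaluates.

```powershell
# Added example: is there a machine certificate the supplicant can actually use for EAP-TLS?
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # standard Client Authentication EKU OID
$now = Get-Date

function Test-EapTlsCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs, if the certificate carries an EKU extension at all
    $ekus = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
        }
    }

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        # Without the private key the client cannot complete the TLS handshake
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        # No EKU extension means no purpose restriction; otherwise Client Authentication must be listed
        ClientAuthEku = ($ekus.Count -eq 0 -or $ekus -contains $clientAuthOid)
        # Local chain build with the default policy (can fail if revocation data is unreachable)
        ChainBuilds   = $Cert.Verify()
    }
}

# Machine authentication uses the computer store, not the user's Personal store
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-EapTlsCandidate $_ } |
    Format-List

# Recent 802.1X supplicant events; both logs are queried because the thread
# does not say whether the port is wired or wireless
foreach ($log in 'Microsoft-Windows-WLAN-AutoConfig/Operational',
                 'Microsoft-Windows-Wired-AutoConfig/Operational') {
    Write-Output "== $log =="
    Get-WinEvent -LogName $log -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-List
}
```

A certificate that shows `HasPrivateKey` or `ClientAuthEku` as `False`, or an empty `Cert:\LocalMachine\My` store, means the supplicant has nothing to present for machine authentication.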