Password expiration/change prompt on PEAP-MSCHAPv2 challenge
03-13-2018 01:33 PM
When authenticating via PEAP-MSCHAPv2 to ClearPass Policy Manager and authenticating via LDAP, when the password changes in LDAP, the user is not told that their password is incorrect and is not asked to retry. Instead, the authentication simply fails. On Windows 10 1709 the response is "Can't connect to this network". Authentication also fails on macOS 10.13.3 with no prompt to retype the password.
The only known fix is to remove the network profile on the client completely.
A similar issue is outlined here: https://github.com/FreeRADIUS/freeradius-server/issues/1762
Is there a certain configuration that would re-prompt for an updated challenge? Is this expected behavior?