Hi Guys,
I am doing a POC integration between ClearPass and Linux LDAP.
Everything works fine with onboarding. Users can onboard fine, but the problem occurs when the user is authenticating using EAP-TLS.
My service is quite simple: the auth method only allows EAP-TLS and the auth source only allows the Onboard repository. I am expecting that only TLS and onboarded devices can connect to this service.
But my onboarded device doesn't seem to be able to use this auth source. Access Tracker already shows the users using EAP-TLS but shows the auth source as none.
CP onboard works as ROOT. I confirmed that the onboarding was a success, the user cert is already in the onboard repository, and the user already manually picked the new cert when connecting to the SSID.
The logs say:
INFO RadiusServer.Radius - rlm_sql: searching for user testing1 in Local:localhost
ERROR RadiusServer.Radius - rlm_eap_tls: User not found in any authentication source, rejecting
Any insight into why ClearPass does not use the onboard repository as the auth source even though that is the only auth source I have?