Hello everyone! We are currently using Clearpass (auth via Active Directory), with EAP-PEAP (MSCHAPv2) to connect our devices. We previously used Microsoft's NPS before we had Clearpass. We also have a 7210 controller running 8.4 (though this was an issue on all 8.x versions we tried).
Long story short: When "Trim FQDN" is enabled, our Domain-Joined Windows devices cannot connect. According to the Access Tracker, the roles, enforcement, etc. work, but the connection is rejected because the "Authentication Method" changes from PEAP MSCHAPv2 to just "EAP". I've attached a screenshot.
iPads, Chromebooks, Android, etc. are still able to connect. When we used NPS, Domain-Joined Windows PCs would still Auth fine.
I contacted support, talked to a Clearpass engineer, and he thinks the issue is on the Controller side, as all of the settings used in Clearpass seemed fine.
Has anyone seen this before or have any ideas? Thanks in advance!