Security

Hi

I attempt to configure a sensor, Product ASIN0303, Part Number UX-G6.

I assume is a supplicant , I can't see any setup options;
I only able to see opcion tu upload the certificate and name

I attempt to sign up using a computer certificate.
I receive a warning when using the NPS. 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/6/2023 9:42:42 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      HEISFRARAD02.hosting.heiway.net
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            HEIWAY\ARUBAUX$
    Account Name:            arubaux$@heiway.net
    Account Domain:            HEIWAY
    Fully Qualified Account Name:    heiway.net/ES1/WorkstationsM2/Administration/ArubaUX

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    Called Station Identifier:        00-41-d2-41-c3-a0:WLAN1864_PRUEBAS
    Calling Station Identifier:        28-de-65-26-9f-c3

NAS:
    NAS IPv4 Address:        10.92.128.124
    NAS IPv6 Address:        -
    NAS Identifier:            es1-mad-e-wlc002
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            13

RADIUS Client:
    Client Friendly Name:        Trazabilidad_Wifi - ESLWMIR02
    Client IP Address:            10.92.128.124

Authentication Details:
    Connection Request Policy Name:    Use Windows authentication for all users
    Network Policy Name:        Copy of Heineken WLAN1864 EAP-PEAP authentication
    Authentication Provider:        Windows
    Authentication Server:        HEISFRARAD02.hosting.heiway.net
    Authentication Type:        EAP
    EAP Type:            -
    Account Session Identifier:        36343036333465632F32383A64653A36353A32363A39663A63332F383636393931
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            22
    Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

The UXI Sensor (G6, but other models neither) does not support PEAP-TLS, just PEAP-MSCHAPv2 and PEAP-GTC which you should not use. I don't think I know other clients than Windows that support PEAP with TLS.

If your NPS is configured for PEAP-TLS, then it's correct that 'EAP Type cannot be processed by the server'.

Hi

I attempt to configure a sensor, Product ASIN0303, Part Number UX-G6.

I assume is a supplicant , I can't see any setup options;
I only able to see opcion tu upload the certificate and name

I attempt to sign up using a computer certificate.
I receive a warning when using the NPS. 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/6/2023 9:42:42 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      HEISFRARAD02.hosting.heiway.net
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            HEIWAY\ARUBAUX$
    Account Name:            arubaux$@heiway.net
    Account Domain:            HEIWAY
    Fully Qualified Account Name:    heiway.net/ES1/WorkstationsM2/Administration/ArubaUX

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    Called Station Identifier:        00-41-d2-41-c3-a0:WLAN1864_PRUEBAS
    Calling Station Identifier:        28-de-65-26-9f-c3

NAS:
    NAS IPv4 Address:        10.92.128.124
    NAS IPv6 Address:        -
    NAS Identifier:            es1-mad-e-wlc002
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            13

RADIUS Client:
    Client Friendly Name:        Trazabilidad_Wifi - ESLWMIR02
    Client IP Address:            10.92.128.124

Authentication Details:
    Connection Request Policy Name:    Use Windows authentication for all users
    Network Policy Name:        Copy of Heineken WLAN1864 EAP-PEAP authentication
    Authentication Provider:        Windows
    Authentication Server:        HEISFRARAD02.hosting.heiway.net
    Authentication Type:        EAP
    EAP Type:            -
    Account Session Identifier:        36343036333465632F32383A64653A36353A32363A39663A63332F383636393931
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            22
    Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

Hi 

Sorry I want to say EAP-TLS

The UXI Sensor (G6, but other models neither) does not support PEAP-TLS, just PEAP-MSCHAPv2 and PEAP-GTC which you should not use. I don't think I know other clients than Windows that support PEAP with TLS.

If your NPS is configured for PEAP-TLS, then it's correct that 'EAP Type cannot be processed by the server'.

Hi

I attempt to configure a sensor, Product ASIN0303, Part Number UX-G6.

I assume is a supplicant , I can't see any setup options;
I only able to see opcion tu upload the certificate and name

I attempt to sign up using a computer certificate.
I receive a warning when using the NPS. 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/6/2023 9:42:42 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      HEISFRARAD02.hosting.heiway.net
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            HEIWAY\ARUBAUX$
    Account Name:            arubaux$@heiway.net
    Account Domain:            HEIWAY
    Fully Qualified Account Name:    heiway.net/ES1/WorkstationsM2/Administration/ArubaUX

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    Called Station Identifier:        00-41-d2-41-c3-a0:WLAN1864_PRUEBAS
    Calling Station Identifier:        28-de-65-26-9f-c3

NAS:
    NAS IPv4 Address:        10.92.128.124
    NAS IPv6 Address:        -
    NAS Identifier:            es1-mad-e-wlc002
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            13

RADIUS Client:
    Client Friendly Name:        Trazabilidad_Wifi - ESLWMIR02
    Client IP Address:            10.92.128.124

Authentication Details:
    Connection Request Policy Name:    Use Windows authentication for all users
    Network Policy Name:        Copy of Heineken WLAN1864 EAP-PEAP authentication
    Authentication Provider:        Windows
    Authentication Server:        HEISFRARAD02.hosting.heiway.net
    Authentication Type:        EAP
    EAP Type:            -
    Account Session Identifier:        36343036333465632F32383A64653A36353A32363A39663A63332F383636393931
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            22
    Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

So is EAP-TLS enabled on your NPS server?  Keep in mind this is a forum typically focused on Aruba ClearPass.  You may have better luck posting in a Microsoft forum.

Hi 

Sorry I want to say EAP-TLS

The UXI Sensor (G6, but other models neither) does not support PEAP-TLS, just PEAP-MSCHAPv2 and PEAP-GTC which you should not use. I don't think I know other clients than Windows that support PEAP with TLS.

If your NPS is configured for PEAP-TLS, then it's correct that 'EAP Type cannot be processed by the server'.

Hi

I attempt to configure a sensor, Product ASIN0303, Part Number UX-G6.

I assume is a supplicant , I can't see any setup options;
I only able to see opcion tu upload the certificate and name

I attempt to sign up using a computer certificate.
I receive a warning when using the NPS. 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/6/2023 9:42:42 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      HEISFRARAD02.hosting.heiway.net
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            HEIWAY\ARUBAUX$
    Account Name:            arubaux$@heiway.net
    Account Domain:            HEIWAY
    Fully Qualified Account Name:    heiway.net/ES1/WorkstationsM2/Administration/ArubaUX

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    Called Station Identifier:        00-41-d2-41-c3-a0:WLAN1864_PRUEBAS
    Calling Station Identifier:        28-de-65-26-9f-c3

NAS:
    NAS IPv4 Address:        10.92.128.124
    NAS IPv6 Address:        -
    NAS Identifier:            es1-mad-e-wlc002
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            13

RADIUS Client:
    Client Friendly Name:        Trazabilidad_Wifi - ESLWMIR02
    Client IP Address:            10.92.128.124

Authentication Details:
    Connection Request Policy Name:    Use Windows authentication for all users
    Network Policy Name:        Copy of Heineken WLAN1864 EAP-PEAP authentication
    Authentication Provider:        Windows
    Authentication Server:        HEISFRARAD02.hosting.heiway.net
    Authentication Type:        EAP
    EAP Type:            -
    Account Session Identifier:        36343036333465632F32383A64653A36353A32363A39663A63332F383636393931
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            22
    Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.