Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

  • 1.  Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    Posted Mar 26, 2024 08:02 PM

    Hello everyone, does anybody know how to solve this issue? I'm using a wildcard public CA in my CPPM RADIUS server. When a user authenticates using 802.1X, it rejects the user due to this error: "Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error". The CPPM version I'm using is 6.10.8.188650.



  • 2.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    EMPLOYEE
    Posted Mar 26, 2024 09:44 PM

    Wildcard certificate for RADIUS?  That's not supported by most supplicants.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    Posted Mar 26, 2024 10:37 PM

    Thank you for this information. I will try the self-signed certificate. So is that connected with this error, "eap-peap: fatal alert by client - access_denied tls session reuse error", when a user tries to authenticate?




  • 4.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    EMPLOYEE
    Posted Mar 26, 2024 11:34 PM

    Could be, can't say that I've ever tried to use a wildcard and seen the error.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    Posted Mar 27, 2024 02:41 AM

    It resolved the problem by unchecking "verify the server identity by validating the certificate" in the device SSID profile. But we will continue to log in users on their respective domain devices and we will check if this configuration will resolve the issue. Thanks for the help!




  • 6.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication
    Best Answer

    Posted Mar 27, 2024 03:03 AM

    I think the client is missing one of the trusted CA certificates in its trusted root certificate list.

    So it cannot verify and trust the chain for the ClearPass server. Disabling this verification bypasses it (not secure).



    ------------------------------
    Gerber van Beek
    ------------------------------



  • 7.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    EMPLOYEE
    Posted Mar 27, 2024 09:47 AM

    There's a different error when the trust isn't in place, and if they are using a wildcard then I hope that's because they are using a certificate from a public CA which the client should already have the trust chain for.

    The certificate for RADIUS operations in ClearPass should be a standard certificate with a CN that doesn't match any name on the network.  Assign that same certificate to all of the ClearPass servers and then set the supplicant to not only validate the certificate based on a specific trust chain, but only allow that single FQDN that is specified on the certificate.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------
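
The recommendation in reply 7 (validate against a specific trust chain and allow only the single FQDN on the certificate), set beside the workaround from reply 5, as an added example that is not part of the original thread and is not ClearPass or supplicant code. It is a simplified model: the `Profile` and `ServerCert` fields, the exact-match rule for names, and all names and CA labels are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class ServerCert:
    root_ca: str   # root the server's chain ends in
    names: list    # subject CN plus DNS subjectAltName entries

@dataclass
class Profile:
    validate_server: bool = True
    trusted_roots: set = field(default_factory=set)
    server_names: set = field(default_factory=set)

def name_pinned(profile, cert):
    # Exact, case-insensitive comparison; a wildcard entry never matches
    # (modelling assumption, not the behaviour of any specific supplicant).
    pinned = {n.lower() for n in profile.server_names}
    return any(n.lower() in pinned for n in cert.names if "*" not in n)

def accepts(profile, cert):
    """Would this client continue the PEAP handshake with this server?"""
    if not profile.validate_server:
        return True  # validation unchecked: every server certificate is accepted
    return cert.root_ca in profile.trusted_roots and name_pinned(profile, cert)

def audit(profile, cert):
    """List deviations from the advice in reply 7; an empty list means none."""
    findings = []
    if not profile.validate_server:
        findings.append("server validation disabled")
    if cert.root_ca not in profile.trusted_roots:
        findings.append("server root CA not trusted by client")
    if any("*" in n for n in cert.names):
        findings.append("wildcard name on RADIUS certificate")
    if not name_pinned(profile, cert):
        findings.append("certificate name not pinned in profile")
    return findings

# Constructed sample data (hypothetical names and CA label)
WILDCARD = ServerCert("Example Public Root CA", ["*.example.com"])
STANDARD = ServerCert("Example Public Root CA", ["radius-eap.example.com"])
WORKAROUND = Profile(validate_server=False)
PINNED = Profile(True, {"Example Public Root CA"}, {"radius-eap.example.com"})
MISSING_ROOT = Profile(True, set(), {"radius-eap.example.com"})

if __name__ == "__main__":
    for label, p, c in [("workaround+wildcard", WORKAROUND, WILDCARD),
                        ("pinned+wildcard", PINNED, WILDCARD),
                        ("missing-root+standard", MISSING_ROOT, STANDARD),
                        ("pinned+standard", PINNED, STANDARD)]:
        print(label, accepts(p, c), audit(p, c))
```
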



  • 8.  RE: Clearpass eap-peap: fatal alert by client - access_denied tls session reuse error with machine authentication

    Posted Mar 27, 2024 10:13 AM

    I know, I wasn't expecting this kind of error message either.
    I was actually breaking my head over what could cause this particular error message.
    Installing the correct CA certificates solved it and the client was authenticating with EAP-TLS correctly.



    ------------------------------
    Gerber van Beek
    ------------------------------