Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

RADIUS service issues after upgrading from 6.12.0 to 6.12.2

  • 1.  RADIUS service issues after upgrading from 6.12.0 to 6.12.2

    Posted 12 days ago

    Hi all

    Quite new here, but we're implementing a new ClearPass solution with standard publisher-subscriber setup for a client. Publisher is located in a datacenter, subscriber on-site at the client & switches have a RADIUS server group configured with the sub as primary and the pub as secondary RADIUS server.

    Last week, we got around to setting up the subscriber node. We had tested a lot with the publisher node, which was fully functioning up until that point. Right before adding the second node to the cluster as a subscriber, I upgraded both nodes from 16.12.0 (VMware OVA deployment version) to the latest 16.12.2.302889 patch. Afterwards, I immediately joined the second node to the cluster as subscriber and RADIUS auth worked to the sub as we expected. No issues as far as we could check.

    However, today we were testing failover by shutting down the subscriber node. We noticed that we got timeouts to the subscriber node (as expected), but suddenly also the publisher node gave RADIUS timeouts on the switch... which is weird, since it worked the week before and we didn't touch the publisher since then.

    We notice that the RADIUS server and RadSec services won't start anymore on the publisher. After some digging in the logs, we found the following logs. These started occurring right after we upgraded the node from 16.12.0 to 16.12.2.302889, even before we joined the sub to the cluster - so I don't think the cluster join is related to our issue. Looking at the logs, it seems like some deeper problem has occurred because of the patch - this section of logs re-occurs every minute or two, probably every time CP tries to start its RADIUS service.

    Has anyone seen anything like this happen before? And what course of action would be best to go forward with this? We are going live with the system this Saturday so time is of the essence here, that's why I check here - as well as creating a case with HPE.

    Thanks guys!

    2024-06-05 14:07:24,487 [RadiusConfig] INFO  RadiusConfig.main - Generating Radius Server configuration

    2024-06-05 14:07:24,487 [RadiusConfig] INFO  RadiusConfig.main - Acquired the radius configuration lock at 1717589244

    2024-06-05 14:07:24,489 [RadiusConfig] INFO  RadiusConfig.main - Connecting to Configuration Data Source "tipsconfigdb" with UserName "appuser"

    2024-06-05 14:07:24,490 [RadiusConfig] ERROR RadiusConfig.main - Cannot connect to Configuration Data Source "tipsconfigdb": IM002 [unixODBC][Driver Manager]Data source name not found and no default driver specified

    2024-06-05 14:07:24,490 [RadiusConfig] ERROR RadiusConfig.main - Cannot open Radius Server PID file "/usr/local/avenda/tips/var/run/cpass-radius-server.pid": No such file or directory

    2024-06-05 14:07:24,490 [RadiusConfig] INFO  RadiusConfig.main - Releasing the radius configuration lock at 1717589244

    2024-06-05 14:07:24,698 [RadiusConfig] INFO  RadiusConfig.main - No change in firewall rules

    2024-06-05 14:07:59,967 [RadiusConfig] INFO  RadiusConfig.main - Generating Radius Server configuration

    2024-06-05 14:07:59,967 [RadiusConfig] INFO  RadiusConfig.main - Acquired the radius configuration lock at 1717589279

    2024-06-05 14:07:59,969 [RadiusConfig] INFO  RadiusConfig.main - Connecting to Configuration Data Source "tipsconfigdb" with UserName "appuser"

    2024-06-05 14:07:59,970 [RadiusConfig] ERROR RadiusConfig.main - Cannot connect to Configuration Data Source "tipsconfigdb": IM002 [unixODBC][Driver Manager]Data source name not found and no default driver specified

    2024-06-05 14:07:59,970 [RadiusConfig] ERROR RadiusConfig.main - Cannot open Radius Server PID file "/usr/local/avenda/tips/var/run/cpass-radius-server.pid": No such file or directory

    2024-06-05 14:07:59,970 [RadiusConfig] INFO  RadiusConfig.main - Releasing the radius configuration lock at 1717589279

    2024-06-05 14:08:00,149 [RadiusConfig] INFO  RadiusConfig.main - No change in firewall rules
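
Added example, not part of the original post and not HPE tooling: a Python sketch that groups RadiusConfig log lines into lock acquire/release cycles and reports which cycles failed, the ODBC data source and SQLSTATE involved, the first failure time (to compare against the upgrade time), and the retry interval. The function names are hypothetical and the sample is constructed from the log excerpt quoted above.

```python
import re
from datetime import datetime

# Constructed sample: excerpt of the two start attempts quoted in the post.
SAMPLE = '''\
2024-06-05 14:07:24,487 [RadiusConfig] INFO  RadiusConfig.main - Acquired the radius configuration lock at 1717589244
2024-06-05 14:07:24,489 [RadiusConfig] INFO  RadiusConfig.main - Connecting to Configuration Data Source "tipsconfigdb" with UserName "appuser"
2024-06-05 14:07:24,490 [RadiusConfig] ERROR RadiusConfig.main - Cannot connect to Configuration Data Source "tipsconfigdb": IM002 [unixODBC][Driver Manager]Data source name not found and no default driver specified
2024-06-05 14:07:24,490 [RadiusConfig] ERROR RadiusConfig.main - Cannot open Radius Server PID file "/usr/local/avenda/tips/var/run/cpass-radius-server.pid": No such file or directory
2024-06-05 14:07:24,490 [RadiusConfig] INFO  RadiusConfig.main - Releasing the radius configuration lock at 1717589244
2024-06-05 14:07:59,967 [RadiusConfig] INFO  RadiusConfig.main - Acquired the radius configuration lock at 1717589279
2024-06-05 14:07:59,969 [RadiusConfig] INFO  RadiusConfig.main - Connecting to Configuration Data Source "tipsconfigdb" with UserName "appuser"
2024-06-05 14:07:59,970 [RadiusConfig] ERROR RadiusConfig.main - Cannot connect to Configuration Data Source "tipsconfigdb": IM002 [unixODBC][Driver Manager]Data source name not found and no default driver specified
2024-06-05 14:07:59,970 [RadiusConfig] ERROR RadiusConfig.main - Cannot open Radius Server PID file "/usr/local/avenda/tips/var/run/cpass-radius-server.pid": No such file or directory
2024-06-05 14:07:59,970 [RadiusConfig] INFO  RadiusConfig.main - Releasing the radius configuration lock at 1717589279
'''

LINE = re.compile(r'^(?P<ts>[\d-]+ [\d:]+,\d{3}) \[[^\]]+\] (?P<level>[A-Z]+)\s+\S+ - (?P<msg>.*)$')
LOCK = re.compile(r'^(Acquired|Releasing) the radius configuration lock at (\d+)$')
ODBC = re.compile(r'Data Source "([^"]+)": ([0-9A-Z]{5}) ')  # DSN name, ODBC SQLSTATE

def failed_cycles(text):
    """Group lines between lock acquire/release; keep cycles that logged an ERROR."""
    cycles, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        lock = LOCK.match(m['msg'])
        if lock and lock[1] == 'Acquired':
            start = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S,%f')
            cur = {'lock': int(lock[2]), 'start': start, 'errors': [], 'odbc': None}
        elif lock and cur and int(lock[2]) == cur['lock']:
            if cur['errors']:
                cycles.append(cur)
            cur = None
        elif cur and m['level'] == 'ERROR':
            cur['errors'].append(m['msg'])
            if hit := ODBC.search(m['msg']):
                cur['odbc'] = hit.groups()
    return cycles

def summarize(text):
    """First failure time, distinct (DSN, SQLSTATE) pairs, seconds between failures."""
    cycles = failed_cycles(text)
    starts = [c['start'] for c in cycles]
    return {'failed': len(cycles), 'first': starts[0] if starts else None,
            'odbc': sorted({c['odbc'] for c in cycles if c['odbc']}),
            'gaps_s': [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]}
```

Run over the full log file, the `first` timestamp shows whether the failures begin at the upgrade or at some later change, which is useful detail to attach to a support case.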



  • 2.  RE: RADIUS service issues after upgrading from 6.12.0 to 6.12.2

    EMPLOYEE
    Posted 11 days ago

    Recommend opening a case with TAC.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------