Machine authentication not working with PEAP MSCHAPv2

Unanswered Question
Mar 1st, 2008

I have installed the ACS ver 4.1.1 trial downloaded from the Cisco web site. I have configured 802.1x machine authentication using a self-generated certificate, with the unknown user policy configured for Windows database authentication. I can authenticate users via PEAP authentication, but I can never get machine authentication working. In failed attempted.psv, I found "EAP-TLS or PEAP authentication failed during SSL handshake". In auth.log I found the messages below:

TH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PolicyMgr::CreateContext: new context id=3

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: User-Name=host/paul2.test.com

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Service-Type=2

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Framed-MTU=1500

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Called-Station-Id=00-11-93-69-C5-9A

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Calling-Station-Id=00-0E-7B-30-FA-08

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: EAP-Message=(binary value)

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Message-Authenticator=(binary value)

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-Port-Type=15

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-Port=50024

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-IP-Address=10.20.209.2

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: PDE-NAS-Vendor-14=1

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: PDE-Service-ID-0=0

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PolicyMgr::SelectService: context id=3; no profile was matched - using default (0)

AUTH 03/02/2008 07:01:13 I 5081 6184 Done RQ1152, client 2, status 0

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 7.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1026, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0143 6448 [PDE]: PolicyMgr::Process: request type=5; context id=3; applied default profiles (0) - do nothing

AUTH 03/02/2008 07:01:13 I 5394 6448 Attempting authentication for Unknown User 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 I 1645 6448 pvAuthenticateUser: authenticate 'host/paul2.test.com' against CSDB

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1026, client 50, status -2046

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 8.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1027, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0928 6448 AuthenProcessResponse: process response for 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1027, client 50, status -2046

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 9.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1027, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0928 6448 AuthenProcessResponse: process response for 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 E 0381 6448 EAP: PEAP: ProcessResponse: invalid TLS data size received: 0

AUTH 03/02/2008 07:01:13 I 0381 6448 EAP: PEAP: Second phase: 0 authentication FAILED

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1027, client 50, status -2120

AUTH 03/02/2008 07:01:13 I 5094 6184 Worker 0 processing message 36.

If anyone can shed some light on this.

Cheers,

Andy
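
Added example, not part of the original post and not Cisco code: a small triage script that reduces an auth.log excerpt like the one above to the request attributes, the error lines and the requests that finished with a non-zero status. The field layout in the regular expressions is inferred from the quoted lines and is an assumption, and `triage` is a hypothetical helper name.

```python
import re

# Field layout inferred from the log lines in the post (assumption, not a Cisco spec):
# component, date, time, severity, message code, thread id, free text.
LINE = re.compile(r"^(\S+) (\d\d/\d\d/\d{4}) (\d\d:\d\d:\d\d) ([A-Z]) (\d{4}) (\d+) (.*)$")
ATTR = re.compile(r"addAttribute: ([\w-]+)=(.*)$")
DONE = re.compile(r"Done (RQ\d+), client \d+, status (-?\d+)")

# Sample input: a subset of the lines quoted in the post.
SAMPLE = """\
AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: User-Name=host/paul2.test.com
AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-IP-Address=10.20.209.2
AUTH 03/02/2008 07:01:13 I 5081 6184 Done RQ1152, client 2, status 0
AUTH 03/02/2008 07:01:13 I 5394 6448 Attempting authentication for Unknown User 'host/paul2.test.com'
AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1026, client 50, status -2046
AUTH 03/02/2008 07:01:13 E 0381 6448 EAP: PEAP: ProcessResponse: invalid TLS data size received: 0
AUTH 03/02/2008 07:01:13 I 0381 6448 EAP: PEAP: Second phase: 0 authentication FAILED
AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1027, client 50, status -2120
"""

def triage(log_text):
    """Summarise one authentication attempt from ACS auth.log text."""
    report = {"attributes": {}, "findings": [], "failed_requests": [], "unparsed": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue  # the post has blank lines between entries
        m = LINE.match(raw.strip())
        if not m:
            report["unparsed"] += 1  # count lines we cannot parse instead of dropping them
            continue
        _, _, time, sev, code, tid, text = m.groups()
        attr = ATTR.search(text)
        done = DONE.search(text)
        if attr:
            report["attributes"][attr.group(1)] = attr.group(2)
        elif done and int(done.group(2)) != 0:
            report["failed_requests"].append((done.group(1), int(done.group(2))))
        elif sev == "E" or "FAILED" in text:
            report["findings"].append((time, tid, code, text))
    # Windows machine accounts present themselves as host/<fqdn>.
    user = report["attributes"].get("User-Name", "")
    report["machine_auth"] = user.startswith("host/")
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```
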

Anonymous (not verified) Sun, 03/02/2008 - 17:44
