Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

machine authentication not working with peap mschapv2

I have installed ACS ver 4.1.1 trial downloaded from cisco web sites. I have configure 802.1x machine authentication using self generated certificate with unknown user policy configure for windows database authentication. I can authenticate user via peap authentication. but i can never get the machine authentication working. on failed attempted.psv, i found EAP-TLS or PEAP authentication failed during SSL handshake. in the auth.log i found below message:

TH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PolicyMgr::CreateContext: new context id=3

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: User-Name=host/paul2.test.com

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Service-Type=2

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Framed-MTU=1500

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Called-Station-Id=00-11-93-69-C5-9A

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Calling-Station-Id=00-0E-7B-30-FA-08

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: EAP-Message=(binary value)

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: Message-Authenticator=(binary value)

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-Port-Type=15

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-Port=50024

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: NAS-IP-Address=10.20.209.2

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: PDE-NAS-Vendor-14=1

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PdeAttributeSet::addAttribute: PDE-Service-ID-0=0

AUTH 03/02/2008 07:01:13 I 0143 6184 [PDE]: PolicyMgr::SelectService: context id=3; no profile was matched - using default (0)

AUTH 03/02/2008 07:01:13 I 5081 6184 Done RQ1152, client 2, status 0

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 7.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1026, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0143 6448 [PDE]: PolicyMgr::Process: request type=5; context id=3; applied default profiles (0) - do nothing

AUTH 03/02/2008 07:01:13 I 5394 6448 Attempting authentication for Unknown User 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 I 1645 6448 pvAuthenticateUser: authenticate 'host/paul2.test.com' against CSDB

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1026, client 50, status -2046

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 8.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1027, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0928 6448 AuthenProcessResponse: process response for 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1027, client 50, status -2046

AUTH 03/02/2008 07:01:13 I 5094 6448 Worker 1 processing message 9.

AUTH 03/02/2008 07:01:13 I 5081 6448 Start RQ1027, client 50 (127.0.0.1)

AUTH 03/02/2008 07:01:13 I 0928 6448 AuthenProcessResponse: process response for 'host/paul2.test.com'

AUTH 03/02/2008 07:01:13 E 0381 6448 EAP: PEAP: ProcessResponse: invalid TLS data size received: 0

AUTH 03/02/2008 07:01:13 I 0381 6448 EAP: PEAP: Second phase: 0 authentication FAILED

AUTH 03/02/2008 07:01:13 I 5081 6448 Done RQ1027, client 50, status -2120

AUTH 03/02/2008 07:01:13 I 5094 6184 Worker 0 processing message 36.

If anyone can shed some light on this.

Cheers,

Andy

1 REPLY
Anonymous
N/A

Re: machine authentication not working with peap mschapv2

288
Views
0
Helpful
1
Replies