Hi all,

We’re currently experiencing issues with Linux devices trying to connect
via 802.1X using PEAP, both on wired and wireless connections, and I’m
wondering if anyone else has encountered similar problems.

We have a connection profile configured that filters for MSCHAPv2 and
PEAP. It also verifies that the MAC address of the device is present in
a specific MAC list (set to Any), and all other conditions are combined
using AND logic.

If the MAC address is found on the list, an authentication profile is
selected which validates the username and password against our Windows
AD, and ensures the user is a member of a specific group, such as
802.1x-users.

The issue we’re seeing is that users often have to try multiple times
(e.g., disabling/enabling the network interface) before they can
successfully connect. In some cases, they are unable to connect at all
until hours later, even when trying the exact same credentials.

The radius.log shows the typical MSCHAP error about invalid credentials.
However, the credentials are definitely correct — they’ve been verified
multiple times and eventually do work.

There is no related entry in packetfence.log until the radius.log
finally shows a successful authentication.

Could this be caused by the MAC address condition in the connection
profile, or is it something else entirely?

Interestingly, our Windows clients use EAP-TTLS instead, and they work
perfectly every time — so the problem seems to be isolated to Linux
clients using PEAP.

Has anyone seen or experienced this kind of behavior before?

Any insight or suggestions would be greatly appreciated!

Peter Jensen
Consultant
ScitoDK
+45 40 73 17 37
p...@scito.dk
LinkedIn: https://www.linkedin.com/in/senseipeter/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users