Hello Peter, Are you able to replicate a failure on demand ?
Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Apr 11, 2025, at 9:13 AM, Peter Jensen via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > This Message Is From an External Sender > This message came from outside your organization. > Hi all, > > We’re currently experiencing issues with Linux devices trying to connect via > 802.1X using PEAP, both on wired and wireless connections, and I’m wondering > if anyone else has encountered similar problems. > > We have a connection profile configured that filters for MSCHAPv2 and PEAP. > It also verifies that the MAC address of the device is present in a specific > MAC list (set to Any), and all other conditions are combined using AND logic. > If the MAC address is found on the list, an authentication profile is > selected which validates the username and password against our Windows AD, > and ensures the user is a member of a specific group, such as 802.1x-users. > > The issue we’re seeing is that users often have to try multiple times (e.g., > disabling/enabling the network interface) before they can successfully > connect. In some cases, they are unable to connect at all until hours later, > even when trying the exact same credentials. > > The radius.log shows the typical MSCHAP error about invalid credentials. > However, the credentials are definitely correct — they’ve been verified > multiple times and eventually do work. > There is no related entry in packetfence.log until the radius.log finally > shows a successful authentication. > > Could this be caused by the MAC address condition in the connection profile, > or is it something else entirely? > > Interestingly, our Windows clients use EAP-TTLS instead, and they work > perfectly every time — so the problem seems to be isolated to Linux clients > using PEAP. > > Has anyone seen or experienced this kind of behavior before? > > Any insight or suggestions would be greatly appreciated! > > > > > Peter Jensen > Consultant > ScitoDK > > > > > +45 40 73 17 37 <tel:+45 40 73 17 37> > p...@scito.dk <mailto:p...@scito.dk> > > <https://urldefense.com/v3/__https://www.linkedin.com/in/senseipeter/__;!!GjvTz_vk!Ur9jKcFZSjJjJXq1MJRAE4ZpWTtkkJfyRjECZhZQpotAMV1TC8YFtQWAKS_v8_YmXzaugCYayj1lK3Mvuexw9cXI_EXjnYtaxKaJig$> > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Ur9jKcFZSjJjJXq1MJRAE4ZpWTtkkJfyRjECZhZQpotAMV1TC8YFtQWAKS_v8_YmXzaugCYayj1lK3Mvuexw9cXI_EXjnYuWF4dvTw$
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
