Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
0
Helpful
0
Replies

Can not make ISE authentication on Centos7 against AD

Mustafa Atakan
Level 1
Level 1

‎07-17-2017 05:44 AM - edited ‎03-11-2019 12:51 AM

Hello,

I have the below configuration files under /etc/sysconfig/network-scripts directory. Using these files, I cannot make an ISE authentication on Centos7 against AD. 

Although I added eno1 into a zone (public), restarting of NetworkManager put it out of this zone. 

What should I focus on to fix this problem?

Thanks.

/etc/sysconfig/network-scripts/ifcfg-eno1:

DEVICE=eno1
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=dhcp
IEEE_8021X_INNER_AUTH_METHODS=MSCHAPV2
KEY_MGMT=IEEE8021X
IEEE_8021X_EAP_METHODS=PEAP
IEEE_8021X_IDENTITY=host/host1091
ZONE=public


/etc/sysconfig/network-scripts/keys-eno1: 
IEEE_8021X_PASSWORD=myhostpasswordhashxxyzzzz

The corresponding NetworkManager log entries in /var/log/message:

device (eno1): supplicant interface state: starting -> ready
Config: added 'password' value '<omitted>'
Config: added 'key_mgmt' value 'IEEE8021X'
Config: added 'eapol_flags' value '0'
Config: added 'eap' value 'PEAP'
Config: added 'fragment_size' value '1266'
Config: added 'phase2' value 'auth=MSCHAPV2'
Config: added 'identity' value 'host/host1091'
sup-iface[0x7fd01dad6c20,eno1]: config: set interface ap_scan to 0
device (eno1): supplicant interface state: ready -> associated
device (eno1): Activation: (ethernet) association took too long.
device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
device (eno1): Activation: (ethernet) asking for new secrets
device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
device (eno1): supplicant interface state: starting -> ready
Config: added 'password' value '<omitted>'
Config: added 'key_mgmt' value 'IEEE8021X'
Config: added 'eapol_flags' value '0'
Config: added 'eap' value 'PEAP'
Config: added 'fragment_size' value '1266'
Config: added 'phase2' value 'auth=MSCHAPV2'
Config: added 'identity' value 'host/host1091'
sup-iface[0x7fd01da6cab0,eno1]: config: set interface ap_scan to 0
device (eno1): supplicant interface state: ready -> associated
device (eno1): Activation: (ethernet) association took too long.
device (eno1): state change: config -> failed (reason 'no-secrets') [50 120 7]
manager: NetworkManager state is now CONNECTED_LOCAL
device (eno1): Activation: failed for connection 'eno1'
device (eno1): state change: failed -> disconnected (reason 'none') [120 30 0]
policy: auto-activating connection 'eno1.nonised'
device (eno1): Activation: starting connection 'eno1.nonised' (64c1050b-fd57-f70d-22ef-039b23d1c969)
device (eno1): state change: disconnected -> prepare (reason 'none') [30 40 0]
manager: NetworkManager state is now CONNECTING
device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
firewall: [0x7fd01da8eed0,remove:"eno1"]: complete: request failed (UNKNOWN_INTERFACE: 'eno1' is not in any zone)

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents