Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
932
Views
0
Helpful
0
Replies

ISE 5400 Failed User Authentication Why?

jamie.mai
Level 1
Level 1

‎01-19-2021 09:28 AM

Hello, we are doing PEAP machine only for wired 802.1x, (Policy is set up so if a PC has the cert and is in the AD group it passes) so wondering why we are getting these user auth attempts and so then the switch shows dot1x failed even though the machine passes. Its says looking up user in AD but why because I don't have a policy set to require that. Thanks for any help!

 

Steps

 11001Received RADIUS Access-Request
 11017RADIUS created a new session
 15049Evaluating Policy Group
 15008Evaluating Service Selection Policy
 15048Queried PIP - Airespace.Airespace-Wlan-Id
 15048Queried PIP - DEVICE.Device Type
 11507Extracted EAP-Response/Identity
 12500Prepared EAP-Request proposing EAP-TLS with challenge
 12625Valid EAP-Key-Name attribute received
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12301Extracted EAP-Response/NAK requesting to use PEAP instead
 12300Prepared EAP-Request proposing PEAP with challenge
 12625Valid EAP-Key-Name attribute received
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12302Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
 12318Successfully negotiated PEAP version 0
 12800Extracted first TLS record; TLS handshake started
 12805Extracted TLS ClientHello message
 12806Prepared TLS ServerHello message
 12807Prepared TLS Certificate message
 12808Prepared TLS ServerKeyExchange message
 12810Prepared TLS ServerDone message
 12811Extracted TLS Certificate message containing client certificate
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12318Successfully negotiated PEAP version 0
 12812Extracted TLS ClientKeyExchange message
 12813Extracted TLS CertificateVerify message
 12804Extracted TLS Finished message
 12801Prepared TLS ChangeCipherSpec message
 12802Prepared TLS Finished message
 12816TLS handshake succeeded
 12310PEAP full handshake finished successfully
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 12313PEAP inner method started
 11521Prepared EAP-Request/Identity for inner EAP method
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 11522Extracted EAP-Response/Identity for inner EAP method
 11806Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 11808Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
 15041Evaluating Identity Policy
 15013Selected Identity Source - Company_AD
 24430Authenticating user against Active Directory - Company_AD
 24325Resolving identity - Company\username
 24313Search for matching accounts at join point - company.int
 24315Single matching account found in domain - company.int
 24323Identity resolution detected single matching account
 24343RPC Logon request succeeded - user@company.int
 24402User authentication against Active Directory succeeded - Company_AD
 22037Authentication Passed
 11824EAP-MSCHAP authentication attempt passed
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 11810Extracted EAP-Response for inner method containing MSCHAP challenge-response
 11814Inner EAP-MSCHAP authentication succeeded
 11519Prepared EAP-Success for inner EAP method
 12314PEAP inner method finished successfully
 12305Prepared EAP-Request with another PEAP challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12304Extracted EAP-Response containing PEAP challenge-response
 24433Looking up machine in Active Directory - Company_AD
 24325Resolving identity - PC21$@company.int
 24313Search for matching accounts at join point - company.int
 24318No matching account found in forest - company.int
 24315Single matching account found in domain - company.int
 24323Identity resolution detected single matching account
 24439Machine Attributes retrieval from Active Directory succeeded - Company_AD
 24422ISE has confirmed previous successful machine authentication for user in Active Directory
 15036Evaluating Authorization Policy
 24209Looking up Endpoint in Internal Endpoints IDStore - COMPANY\user
 24211Found Endpoint in Internal Endpoints IDStore
 11055User name change detected for the session. Attributes for the session will be removed from the cache
 15048Queried PIP - Network Access.EapTunnel
 24432Looking up user in Active Directory - Company_AD
 24355LDAP fetch succeeded - company.int
 24416User's Groups retrieval from Active Directory succeeded - Company_AD
 15048Queried PIP - Company_AD.ExternalGroups
 15016Selected Authorization Profile - DenyAccess
 15039Rejected per authorization profile
 12306PEAP authentication succeeded
 11503Prepared EAP-Success
 11003Returned RADIUS Access-Reject

 

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents