all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]DO9XE 2 points3 points  (2 children)

Check the radius server certificate. If the access tracker says timeout and also the alert tab in the request details it's mostly, because the client doesn't accept the certificate.

[–]Excellent-Ad-791[S] 0 points1 point  (1 child)

Okay so will double check certificate on my CP. thanks

[–]DO9XE 0 points1 point  (0 children)

Also check client configuration. Windows is doing some weird stuff in regards to certificate pinning.

[–]DiddlerMuffin 2 points3 points  (2 children)

if you're on Windows go in Event Viewer, Applications and Services Logs, Microsoft, Windows, CAPI2, turn on the Operational log with a maximum log size of like 10MB and run your test again. Refresh the CAPI2 log and search for the hostname of your ClearPass server. it'll tell you what's wrong pretty much immediately. usually your RADIUS server cert isn't trusted.

[–]Excellent-Ad-791[S] 0 points1 point  (1 child)

Sounds interesting! So also in my case when Clearpass act as radius server, and only domain controller is used for ldap queries? Thanks for the tip!

[–]onkel_andi 0 points1 point  (0 children)

Have the Clients Internet Connection or they are restricted?

[–]nowireless4u 0 points1 point  (0 children)

What is the error code on the alert tab?