某局點 WX3540X Windows係統802.1x認證失敗

WX3540X，Version 9.1.055, Release 1218P01

現場AC和IMC做了遠程802.1X認證，使用手機認可以證成功，電腦用iNode客戶端輸入用戶名和密碼可以認證成功，但是使用Windows自帶的連接輸入用戶名和密碼提示：無法連接到這個網絡

一、看AC日誌有如下信息，第一次認證是帶了host名稱，所以提示服務器上用戶不存在，第二次認證的時候，沒有帶host名稱，還是認證失敗了，提示：A user failed 802.1X authentication.Reason:AAA processed authentication request and return 26.

根據之前的一些案例，設置Windows上終端網卡為用戶身份驗證，還是不行

DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=host/aaaaaaaaa-UserMAC=xxxx-xxxx-xxxx-BSSID=zzzz-xxxx-xxxx-SSID=Name-APName=AP-RadioID=1-VLANID=32; A user failed 802.1X authentication.Reason:AAA processed authentication request and return 26. Server reason "E63018: The user does not exist or has not subscribed to this service."

DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=test-UserMAC=xxxx-xxxx-xxxx-BSSID=zzzz-zzzz-xxxx-SSID=Name-APName=AP-RadioID=2-VLANID=32; A user failed 802.1X authentication.Reason:AAA processed authentication request and return 26.

二、在AC上debugging radius all，有如下信息，03代表服務器回複Access-Reject認證拒絕，聯係IMC側同事協助分析

*Aug  1 18:23:36:468 2024 H3C-AC-TEST RADIUS/7/PACKET:
    EAP-Message=0x04090004
    Message-Authenticator=0x66bab01c041290651e8abc8dc34c3503
*Aug  1 18:23:36:468 2024 H3C-AC-TEST RADIUS/7/PACKET:
 03 8a 00 2c 45 4c c8 52 b5 94 38 93 a2 36 10 a9                  
 7f ee 9c b6 4f 06 04 09 00 04 50 12 66 ba b0 1c
 04 12 90 65 1e 8a bc 8d c3 4c 35 03
*Aug  1 18:23:36:468 2024 H3C-AC-TEST RADIUS/7/EVENT: Sent reply message successfully.
*Aug  1 18:23:36:468 2024 H3C-AC-TEST RADIUS/7/EVENT: PAM_RADIUS: Processing RADIUS authentication.
*Aug  1 18:23:36:468 2024 H3C-AC-TEST RADIUS/7/EVENT: PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 1
%Aug  1 18:23:36:468 2024 H3C-AC-TEST DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=xxxx-UserMAC=xxxx-xxxx-xxxx-BSSID=xxxx-xxxx-xxxx-SSID=Name-APName=AP-RadioID=2-VLANID=32; A user failed 802.1X authentication.Reason:AAA processed authentication request and return 26.

最後IMC側排查，EIA預置證書過期，重新導入證書後認證成功