IGEL OS authentication with 802.1x issues

I ́ve updated 3 devices to 11.4.106 and now I have problems with the authentication with 802.1x. The igels have a certificate from a ms-scep-server, they ́ve got a valid certificate, but authentification fails. With 11.3.X no problems

Learn more, read the entire thread inside the IGEL Community o Slack

The subject of the certificate for 11.3.X Looks like this: subject= /C=NL/ST=OV/L=Almelo/O=ETC/OU=IT/CN=http://NL02ITC-20008.EXT.ENRITEC.COM NL02ITC-20008.EXT.ENRITEC.COM

The subject of the certificate for 11.4.X Looks like this: subject=C = NL, ST = OV, L = Almelo, O = ETC, OU = IT, CN = NL02ITC-20008.EXT.ENRITEC.COM NL02ITC-20008.EXT.ENRITEC.COM

This is the only change I see. Is this a bug or is my config not correct?


I can confirm that 802.1x isn’t working for me on 11.04.100. Today is the first day I have been in the office with one that has been converted in order to test.

however, the subject of the cert on 11.3.X for me is a little different. Mine has no slashes. It is identical to the 11.04.X except the 11.04.x has spaces like shown by @member

so instead of being like: C=US, ST=IN, L=Wabash, O=Beacon Credit Union, OU=IT, CN=DNSName

it is C = US, ST = IN, L = Wabash, O = Beacon Credit Union, OU = IT, CN = DNSName

Correct. Copied the line out of putty

Our Network Engineer is saying it never even tries to authenticate with the network.

looking at journalctl I see some network_man and nm_lan lines that contain ‘801-1x.identity: property is missing’

I tried recreating the SCEP certificate policy and the 802.1x policy and it didn’t help

These two lines appear to possibly causing an issue.

(see the screenshot inside the IGEL Community on Slack, join below)

this is from a device with 11.03.110 on it

I’ll open a ticket either later tonight or in the morning

Ticket Opened ITRS#2020082710000923 – Hopefully, support will have an idea how to fix.

This is the CSR, so yeah, something wrong there.

However, I think it is something more than that. If you look at the certificate I posted above, even the Issuer had those extra spaces. So I don’t think it is with the CSR creation, but rather with something that is reading the file.

Thanks for being so active on this 🙂

The new firmware 11.04.112 does fix this issue. I just tested it and 802.1x authentication is working

It is working fine now, Thanks

Continue reading and comment on the thread ‘IGEL OS authentication with 802.1x issues’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: