We have a problem, which one appears randomly and we have many diffulcuties to identify the origin and how to resolve it.
Here is the authentication chain:
Client request to authenticate > Access point > C4110-2 Controller > RADIUS Server > Active Directory *here parsing to find user and access right related to him* after that it does the same reverse path.
The problem here is the role applied to the client. Normally a specific role related to the client is setted after finding a match in AD. But in our situation the client take the "Default" role we made which deny all traffic.
You'll find in attachement a screenshot related to the role:
The network has an open SSID and connectable by WPA2-Enterprise (EAP-PEAP)
I can affirm it's linked to authentication because I try with a "test" network setup with WPA2-Personnal (with PSK) and it works perfectly.
We also thought of a VPN tunnel problem between sites but we have the same case in a site direclty connected by MAN network.
We check the logs: we can see the client PC trying to connect but didn't take an IP and the good Role (always the "Default"). We have no logs on RADIUS server.
Last information, on those sites the same network had been working for years and we had this case on different types of AP (2610, 3825i). Controller is a C4110-2 running the software version 09.21.14.0005
Please help me !!