
AD-join failing to resolve NETBIOS name

I'm trying to get a clearpass registered in AD but running into some issues. When trying to resolve the NETBIOS name it fails with error: ads_connect: No logon servers

Clearpass is behind a firewall. I requested that the required ports be opened (according to http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/What-are-the-ports-that-need-to-be-opened-on-the-network/ta-p/175872) but still no luck.

When I do a packet capture during the join attempt I can see Clearpass doing DNS (and getting answers).

I can also see CLDAP (udp 389) searchRequest for "<ROOT>" baseobject to the domain server but it appears nothing is being returned even though routing seems ok.

Finally I also see some netbios queries (only queries, no answers) coming from both data and mgmt interfaces where I only use mgmt for everything but guest traffic.

So, what is going wrong here? What exactly is being used to resolve that NETBIOS name?

Koen (ACMX #351 | ACDX #547 | ACCP)


Re: AD-join failing to resolve NETBIOS name

It might be worth adding a route to the domain controller (or domain controller subnet) over a particular interface.

 

Cheers
James

ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
Aruba Employee

Re: AD-join failing to resolve NETBIOS name

Hi,

Generally we see such an error message if AD is not reachable. Could you try a testjoin from the CLI?

Tests if Policy Manager is a member of the AD domain.
Syntax
ad testjoin

Try to join the AD from the CLI:

Joins host to the domain.
Syntax
ad netjoin <domain-controller.domain-name>


Re: AD-join failing to resolve NETBIOS name

Thanks all, lesson learned, trust your own pcaps over fw guys :P

Needed ldap, opened only sldap

Koen (ACMX #351 | ACDX #547 | ACCP)
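
The pcap comparison that resolved this thread (DNS answered, CLDAP on udp 389 and the NetBIOS queries not) can be scripted. The following is an added example, not code from any poster or from ClearPass: it lists requests the local host sent that never received a reply. The addresses, ports and packet tuples are constructed sample data, and `unanswered` is a hypothetical helper name.

```python
# Added example: addresses and packet tuples below are constructed sample data.
SERVICES = {("udp", 53): "DNS", ("udp", 389): "CLDAP", ("tcp", 389): "LDAP",
            ("tcp", 636): "LDAPS", ("udp", 137): "NetBIOS name service"}

LOCAL = {"192.0.2.10", "198.51.100.10"}   # hypothetical mgmt and data interfaces
DC = "203.0.113.5"                        # hypothetical domain controller

# (src, dst, proto, sport, dport), one tuple per captured packet
SAMPLE = [
    ("192.0.2.10", DC, "udp", 40001, 53),        # DNS query
    (DC, "192.0.2.10", "udp", 53, 40001),        # DNS answer
    ("192.0.2.10", DC, "udp", 40002, 389),       # CLDAP searchRequest, no reply
    ("192.0.2.10", DC, "tcp", 40003, 636),       # LDAPS, allowed by the firewall
    (DC, "192.0.2.10", "tcp", 636, 40003),
    ("192.0.2.10", "192.0.2.255", "udp", 137, 137),        # NetBIOS query (mgmt)
    ("198.51.100.10", "198.51.100.255", "udp", 137, 137),  # NetBIOS query (data)
]

def unanswered(packets, local_addrs):
    """Return (local, remote, proto, port, service) for requests with no reply."""
    sent = {}         # (proto, local addr, local port, remote port) -> remote addr
    answered = set()
    for src, dst, proto, sport, dport in packets:
        if src in local_addrs:
            sent.setdefault((proto, src, sport, dport), dst)
        elif dst in local_addrs:
            # A reply swaps the ports. The responder address is not compared,
            # because a broadcast query is answered from a unicast address.
            answered.add((proto, dst, dport, sport))
    # Limitation: for TCP any return packet counts as an answer, including a
    # reset, so inspect TCP flags separately when a flow looks "answered".
    return [(local, remote, proto, rport, SERVICES.get((proto, rport), "unknown"))
            for (proto, local, lport, rport), remote in sent.items()
            if (proto, local, lport, rport) not in answered]

if __name__ == "__main__":
    for local, remote, proto, port, service in unanswered(SAMPLE, LOCAL):
        print(f"no reply: {local} -> {remote} {proto}/{port} ({service})")
```
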
