Security

Hi All,

 

I'm having trouble adding a CPPM server to a domain. I'm getting an rpc access denied error.

 

DNS on CPPM is pointing to the domain controller.

User account is a domain admin.

Credentials are correct.

 

I suspect a firewall issue but have been shows an allow all rule for the CPPM to controller communication.

 

Here's what I'm seeing on the CLI:

 

[appadmin@cppm]# ad netjoin dc01.james.local
INFO - Fetched REALM 'JAMES.LOCAL' from domain FQDN 'dc01.james.local'
INFO - Fetched the NETBIOS name 'JAMES'
INFO - Creating domain directories for 'JAMES'
Enter dc01's user name:[Administrator] aruba
Enter aruba's password:
Enter aruba's password:
Failed to join domain: failed to lookup DC info for domain 'JAMES.LOCAL' over rpc: Access denied
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
INFO - Deleting domain directories for 'JAMES'
ERROR - cppm failed to join the domain JAMES.LOCAL with domain controller as dc01.JAMES.LOCAL

 

Ideas?

Can you run the nslookup from clearpass and see if you can query the domain controller ?

Try turning off the fw on your dc.



Get Outlook for iOS

Nslookup is successful and the firewall is already off.

I've logged this with TAC who have just said this is a known issue and have suggested a fix that requires TAC CLI access.

I'll post back tomorrow with an update.

Probably the samba issue

Get Outlook for iOS

It was "the Samba issue".

 

Specifically, to resolve this they edited the file: /usr/local/avenda/tips/etc/smb.conf-template

and added the following entry:

client ipc signing = auto

above:

security = user 

 

I though this issue was resulved in 6.6.7, I guess not.