Contributor I

Cannot join CPPM to read-only domain controller

Hi all,

I'm trying to join CPPM to a read-only domain controller (RODC), but get the following error message (access denied):

[screenshot 1.PNG: the access-denied error from the domain join attempt]

Things that I have checked:

1) No firewall between CPPM and the RODC

2) Time has been synchronized

3) CPPM can resolve FQDN of the RODC (see below):

[appadmin@cppm01]# network nslookup BMH-IT-RO.BMH.COM

Server:         10.188.108.10
Address:        10.188.108.10#53

Name:   BMH-IT-RO.BMH.COM
Address: 10.188.108.10
Name:   BMH-IT-RO.BMH.COM
Address: 172.16.1.11

(Note: 10.188.108.10 is the interface IP address of the RODC, and 172.16.1.11 is the tunnel IP address the RODC uses to connect/sync data with Microsoft Azure.)

So, there are basically two things that I'm not sure about and may relate to my issue:

1) Does CPPM support joining to a read-only domain controller?

2) Does the resolution of the RODC's FQDN to two different IP addresses (as shown above) affect the domain joining process?

Thank you very much for your help, and please let me know if there's anything that I have missed.

Regards,

Aruba Employee

Re: Cannot join CPPM to read-only domain controller

Hi,

A DC with read-only domain access will not work, and make sure the FQDN resolves to a single IP.

Were you able to communicate with both of the IPs?

Also, enable SMBv1 if it is disabled on AD.

Regards,
Pavan

If my post addresses your query give kudos:)
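The single-address requirement in the reply above can be checked before attempting the join. The following is an added example (not from the thread or from ClearPass itself) that parses the `network nslookup` output format shown in the original post, flags an FQDN that resolves to more than one address, and optionally probes the TCP ports a domain join depends on; the sample output is copied from the post, and the port list is an assumption.

```python
"""Pre-join sanity checks for the DC FQDN used by a ClearPass domain join."""
import re
import socket
from typing import Dict, List

# Constructed sample in the shape of the thread's `network nslookup` output.
SAMPLE_NSLOOKUP = """\
Server:         10.188.108.10
Address:        10.188.108.10#53

Name:   BMH-IT-RO.BMH.COM
Address: 10.188.108.10
Name:   BMH-IT-RO.BMH.COM
Address: 172.16.1.11
"""

# Assumed set of TCP ports a join must reach on the DC (Kerberos, LDAP, SMB).
JOIN_PORTS = {"kerberos": 88, "ldap": 389, "smb": 445}


def parse_nslookup(text: str) -> Dict[str, List[str]]:
    """Return {fqdn: [addresses]}; the 'Server:'/'Address: x#53' header names
    the resolver itself and is skipped because it precedes any 'Name:' line."""
    results: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"^(Name|Address):\s*(\S+)$", line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "Name":
            current = value.lower()
            results.setdefault(current, [])
        elif current is not None and "#" not in value:
            results[current].append(value)
    return results


def check_single_address(fqdn: str, answers: Dict[str, List[str]]) -> List[str]:
    """Findings for the reply's rule that the DC FQDN resolves to exactly one IP."""
    addrs = answers.get(fqdn.lower(), [])
    if not addrs:
        return [f"{fqdn}: no address record found"]
    if len(addrs) > 1:
        return [f"{fqdn}: resolves to {len(addrs)} addresses {addrs}; "
                "the join needs a single address (keep the tunnel IP out of this record)"]
    return []


def probe_ports(addr: str, ports=JOIN_PORTS, timeout: float = 2.0) -> Dict[str, bool]:
    """TCP connect check for each join port; False means blocked or not listening."""
    status = {}
    for name, port in ports.items():
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                status[name] = True
        except OSError:
            status[name] = False
    return status
```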

Guru Elite

Re: Cannot join CPPM to read-only domain controller

You need to join ClearPass to a standard domain controller and then you can use the RODC for LDAP and password checks.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480