Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Winbind Reply Failed

  • 1.  ClearPass Winbind Reply Failed

    MVP
    Posted Jun 11, 2018 01:56 PM

    Hey all,

    I am trying to join a new ClearPass server to the domain, but am having a strange issue. During the join process, I received the following warning:

    netjoin-failed.png

    But it appears to have joined successfully.

    I then attempted an authentication with a domain-joined Windows PC, and it was REJECTED. The Alert tab shows:

    access-tracker-alert.png

    Looking into the logs of this error shows the following:

    access-tracker-logs.png

    Not sure what the issue could be, never ran into this same problem when joining to a domain. I verified the ClearPass server object existed in AD and it was a member of the default computer OU, which is where another CPPM server also exists and is working without issue.

    Any ideas would be greatly appreciated.



  • 2.  RE: ClearPass Winbind Reply Failed

    Posted Jun 11, 2018 02:10 PM
    What version are you running on that ClearPass?


  • 3.  RE: ClearPass Winbind Reply Failed

    MVP
    Posted Jun 11, 2018 02:18 PM

    6.7.3



  • 4.  RE: ClearPass Winbind Reply Failed

    MVP
    Posted Jun 19, 2018 02:40 PM

    It appears there is some issue translating the client's domain name and the domain appended to the machine authentications - anyone ever run into that?

    Customer domain is ABC123, but devices joined to the domain use device1.123abc.com, for example.

    Seems like it can't translate between them.



  • 5.  RE: ClearPass Winbind Reply Failed
    Best Answer

    MVP
    Posted Jun 20, 2018 04:54 PM

    Opened a TAC case and we worked with the domain admin and found that the smb_<client domain>.conf file was missing a few lines compared to a working server in the environment.

    The primary line missing is the following:

    samba-lines-missing.png

    After matching up the files, we were able to test a successful domain machine authentication. We also restarted the domain service prior to testing. The other lines missing were under a Logging section, but not sure they played any role in the issue.

    TAC indicated it may be a bug in the code upgrade to 6.7.3 and collected log files and config backup to try and review.