Security

Reply
MVP
Posts: 1,413
Registered: ‎11-30-2011

ClearPass can't join domain

trying to have ClearPass join an AD domain, via GUI and CLI, getting the output below. anyone experienced this issue before?

 

Adding host to AD domain...
INFO - Fetched the NETBIOS name 'TEST'
Stopping cpass-domain-server: [ OK ]
Starting cpass-domain-server: [ OK ]
Enter aruba's password:
Failed to join domain: failed to lookup DC info for domain 'TEST.LOC' over rpc:
Logon failure
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
Stopping cpass-domain-server: [ OK ]
Starting cpass-domain-server: [ OK ]
ERROR - clearpasstest.test.loc failed to join the domain TEST.LOC
Join domain failed

is there a checklist for what the AD version must be and such?

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: ClearPass can't join domain


boneyard wrote:

trying to have ClearPass join an AD domain, via GUI and CLI, getting the output below. anyone experienced this issue before?

 

Adding host to AD domain...
INFO - Fetched the NETBIOS name 'TEST'
Stopping cpass-domain-server: [ OK ]
Starting cpass-domain-server: [ OK ]
Enter aruba's password:
Failed to join domain: failed to lookup DC info for domain 'TEST.LOC' over rpc:
Logon failure
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
Stopping cpass-domain-server: [ OK ]
Starting cpass-domain-server: [ OK ]
ERROR - clearpasstest.test.loc failed to join the domain TEST.LOC
Join domain failed

is there a checklist for what the AD version must be and such?

Make

Make sure that the ip address of the DNS server for the clearpass box is one of the DNS servers in AD.  DNS must be able to resolve the FQDN to join the domain.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: ClearPass can't join domain

that is the case, DNS is running on the AD server (windows 2003) and that is also set as DNS server on the clearpass.

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: ClearPass can't join domain

Sorry,

 

I did not see the big "logon failure".  What did you put for the username and password?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: ClearPass can't join domain

tried with the default administrator account and used the checkbox to enter a self created admin account.

 

 

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: ClearPass can't join domain

went on trying some more, another DC (win 2008) and some more testing. eventually it worked, but unsure what exactly did the trick. once I have some time I might try it again from scratch.

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: ClearPass can't join domain

Interesting.  The only ways I got it to fail with that message is wrong username and password...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: ClearPass can't join domain

that is always possible, i usually try a couple of times to be sure i get it right at least once :smileyvery-happy: perhaps i missed it.

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: ClearPass can't join domain

Do you have any special characters in your password?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: ClearPass can't join domain

Looks like you are entering the fully qualified username (username@domain.tld). Can you try just the username?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: