Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Error Code:216, Authentication Failure

This thread has been viewed 22 times

  • 1.  Error Code:216, Authentication Failure

    Posted Apr 01, 2014 04:38 PM

    I am an Aruba partner and I have a 3-year evaluation copy of CPPM.  I had to rebuild my VM and reinstall my CP server, because my old server crashed during a power outage.  I got the guest captive portal working, but I am having some difficulty with the Employee authentication piece.  I have configured the authentication source (my internal AD server) and I can browse the base DN from within the Authentication Sources->Primary tab on CPPM, which I assume confirmsthat CPPM can talk to and browse my AD server and that the bind DN information is correct.

     

    I have tried deleting and reconfiguring the service and deleting and reconfiguring the authentication source to no avail.  I am not sure where, or why my connection choses the correct service and then says there is no authentication source.

     

    i have attached some screen shots for reference.

     

    Any suggestions would be greatly appreciated.

     

    Regards,



  • 2.  RE: Error Code:216, Authentication Failure

    EMPLOYEE
    Posted Apr 01, 2014 05:04 PM

    It looks like you did this already, but did you add the CPPM server to the domain?



  • 3.  RE: Error Code:216, Authentication Failure

    Posted Apr 01, 2014 05:11 PM

    Yes, the ClearPass server is joined to the domain.  I modified the service slightly to allow me to run the AAA Test Server routine from the controller and that also failed.  Then I tried mapping a network drive on my AD server from my laptop and that also failed.  Although, I did try authenticating via ClearPass using somebody elses credentials and that had also failed.

     

    At this point, I'm not sure if the problem is with my CP server, or my AD server. 

     

    Regards,



  • 4.  RE: Error Code:216, Authentication Failure

    Posted Apr 01, 2014 05:33 PM

     

    Like cjoseph mentioned look in here to make sure the server has been added to the Domain :

     

    2014-03-26 12_35_02-CPPM_6_3_snmp_support_tech_ note.pdf.png



  • 5.  RE: Error Code:216, Authentication Failure

    EMPLOYEE
    Posted Apr 01, 2014 06:11 PM

    So, it looks like your LDAP server is not even finding that user in your LDAP tree.  Does the user even exist?  Can you browse to that user using your LDAP?  Is your base-DN high enough in the tree?

     



  • 6.  RE: Error Code:216, Authentication Failure

    Posted Apr 01, 2014 07:16 PM
    Hi,

    I had the same issue after restoring a backup. LDAP is working, and I was able to browse the AD tree within the Auth Source, but auth failed...

    The solution was to have CPPM join the AD. It seems like CPPM does not restore the domain membership when restoring a backup.

    "Administration -> Server Manager -> Join AD"


  • 7.  RE: Error Code:216, Authentication Failure

    Posted Apr 02, 2014 10:23 AM

    Thank you, VLD.  I did leave and rejoin the domain once already, and the CP server says that it is part of the domain.  When I look at the Access Tracker log, it looks like the user connection is using the correct Service, but no authentication source is being selected.

     

    I have attached screen shots of the Access Tracker Summary page and the Server Configuration page.

     

    Regards,