Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Hi,

We have two Wi-Fi controllers and two different AD domains (with no trust relationship), and one ClearPass; the EAP termination is not on the controller.

With MSCHAPv2, is it possible to authenticate* users via 2 different AD domains with only one CPPM?

* Not only used for user lookup and attribute fetching.

Regards

Yann

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Yes. You can join multiple domains and add multiple AD auth sources in the service.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Hi Tarnold,

I have already added my two ADs in auth sources.

I tried to do this, but it doesn't work; I get this error message when I want to authenticate an AD user on my Wi-Fi 802.1X.

RADIUS

MSCHAP: AD status:Reading winbind reply failed! (0xc0000001)
MSCHAP: AD status:Reading winbind reply failed! (0xc0000001)
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure

 

Regards

Yann

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Make sure you joined CPPM to the domain and the read account in the auth sources has sufficient privileges.
Thank You,
Troy

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-AD-Authentication-Error-Message-Reading-windind-reply/td-p/139513
Thank You,
Troy

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Hi Tarnold,

Thank you for your answer, but it's not possible to join two different domains with only one ClearPass.

Have you another way?

Regards

Yann

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

Yes you can.

Here you can see that I'm joined to 3 domains that do not have any trust between them.

Screen Shot 2014-12-30 at 3.47.00 AM.png

Thank You,
Troy

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: How to authenticate users in MSCHAP2 via 2 different AD domains with only one CPPM?

It's true, I had not seen!!

Thanks Tarnold!
