04-13-2016 04:34 PM
I have this issue that it´s happen in two different clients those have windows server 2012, I already did the process in this foro (http://community.arubanetworks.com/t5/AAA-NAC-Gues
Do you have any recommendation to fix this issue, thanks.
04-23-2016 03:07 AM
If you haven't already, you should contact TAC and let them know that the problem still exists...
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
04-24-2016 05:25 AM
This message indicates that there is something wrong with the domain join of your ClearPass.
I have seen windows administrators delete the computer account the ClearPass created (and requires to do MSCHAP authentication), so double check with your AD admins.
You can check as well:
- That ClearPass is configured to use the Active Directory DNS servers; that is needed to find the right domain controllers.
- That time is set correct on both ClearPass and the domain controllers; use the domain controllers as NTP server to make sure they run the same time source.
- That there are no firewall in between ClearPass and your domain controllers that might block the authentication traffic.
- You can check from the appadmin (console) account the AD and kerberos servers:
[email@example.com]# ad auth -u herman -n nl password: INFO - NT_STATUS_OK: Success (0x0)
[firstname.lastname@example.org]# krb auth email@example.com Using default cache: /tmp/krb5cc_0 Using principal: herman@NL.ARUBALAB.COM Password for herman@NL.ARUBALAB.COM: Authenticated to Kerberos v5
And work with TAC if these do not fix your issue...
If you have urgent issues, please contact your Aruba partner or Aruba TAC.