Security

Reply
Super Contributor I

RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

Hello guys

 

I have this issue that it´s happen in two different clients those have windows server 2012, I already did the process in this foro (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-management-user-authentication-against-AD-fails-No-trusted/ta-p/185422) this process is the recommend by the Aruba’s TAC, when I did this process the issue is fix by for a short time, after this short time the issue appears again, my Clearpass’s version is 6.5.2.

 

Do you have any recommendation to fix this issue, thanks.

 

Guru Elite

Re: RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

If you haven't already, you should contact TAC and let them know that the problem still exists...


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase

Re: RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

This message indicates that there is something wrong with the domain join of your ClearPass.

 

I have seen windows administrators delete the computer account the ClearPass created (and requires to do MSCHAP authentication), so double check with your AD admins.

You can check as well:

- That ClearPass is configured to use the Active Directory DNS servers; that is needed to find the right domain controllers.

- That time is set correct on both ClearPass and the domain controllers; use the domain controllers as NTP server to make sure they run the same time source.

- That there are no firewall in between ClearPass and your domain controllers that might block the authentication traffic.

- You can check from the appadmin (console) account the AD and kerberos servers:

[appadmin@cppm.nl.arubalab.com]# ad auth -u herman -n nl
password: 
INFO -  NT_STATUS_OK: Success (0x0)
[appadmin@cppm.nl.arubalab.com]# krb auth herman@nl.arubalab.com

Using default cache: /tmp/krb5cc_0
Using principal: herman@NL.ARUBALAB.COM
Password for herman@NL.ARUBALAB.COM: 
Authenticated to Kerberos v5

And work with TAC if these do not fix your issue...

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: