Security

Reply
Super Contributor I

RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

Hello guys

 

I have this issue that it´s happen in two different clients those have windows server 2012, I already did the process in this foro (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-management-user-authentication-against-AD-fails-No-trusted/ta-p/185422) this process is the recommend by the Aruba’s TAC, when I did this process the issue is fix by for a short time, after this short time the issue appears again, my Clearpass’s version is 6.5.2.

 

Do you have any recommendation to fix this issue, thanks.

 

Guru Elite

Re: RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

If you haven't already, you should contact TAC and let them know that the problem still exists...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: RADIUS: MSCHAP: AD status:No trusted SAM account (0xc000018b)

This message indicates that there is something wrong with the domain join of your ClearPass.

 

I have seen windows administrators delete the computer account the ClearPass created (and requires to do MSCHAP authentication), so double check with your AD admins.

You can check as well:

- That ClearPass is configured to use the Active Directory DNS servers; that is needed to find the right domain controllers.

- That time is set correct on both ClearPass and the domain controllers; use the domain controllers as NTP server to make sure they run the same time source.

- That there are no firewall in between ClearPass and your domain controllers that might block the authentication traffic.

- You can check from the appadmin (console) account the AD and kerberos servers:

[appadmin@cppm.nl.arubalab.com]# ad auth -u herman -n nl
password: 
INFO -  NT_STATUS_OK: Success (0x0)
[appadmin@cppm.nl.arubalab.com]# krb auth herman@nl.arubalab.com

Using default cache: /tmp/krb5cc_0
Using principal: herman@NL.ARUBALAB.COM
Password for herman@NL.ARUBALAB.COM: 
Authenticated to Kerberos v5

And work with TAC if these do not fix your issue...

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: