Frequent Contributor II
Posts: 143
Registered: ‎07-27-2012

Read Only Domain Controller causing user authentication problems

Hi:

We're running MSCHAP authentication for users to an AD domain.

A few weeks ago we put a read only domain controller online at another site (online 24/7 via VPN tunnel).

All was fine until today when Clearpass decided to start using the RODC to authenticate users. All user authentication failed.

When I typed 'show domain' from the console, it listed the RODC as the 'Domain Server Ip Address'.

Once I shut down the tunnel to the RODC, clearpass went back to using local servers.

How do I force Clearpass to use local servers for user auth?

Configuration » Authentication » Sources lists only the local servers for primary and backups.

Administration » Server Manager » Server Configuration lists only the local servers under the AD Domains section.

What else do I need to do to force local server auth?
Thanks,

Tony

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Read Only Domain Controller causing user authentication problems

Tony1234,
I don't know if there is a problem with read-only domain controllers or not.  To restrict the domain controllers to only the ones you want to contact, you can do this:
Go to Administration > Server Manager > Server Configuration > Click on Server > and click on a little tiny icon called "Password Servers" at the bottom.  You can then add the IP addresses that you want mschapv2 restricted to for authentication.

[image: passwordservers.png]

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
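The answer above is a GUI click-path, so here is an added offline example (written for this thread, not code from Aruba or from either poster) that models the same idea: build the explicit MSCHAPv2 "Password Servers" allow-list from the domain controllers a ClearPass node can reach, and refuse to put a read-only domain controller on it. The DC records below are constructed to resemble what an LDAP query of each DC's computer object would return; the names, IPs and sites are assumptions. The RODC test itself rests on two documented Active Directory facts: an RODC computer account carries the PARTIAL_SECRETS_ACCOUNT bit (0x04000000) in userAccountControl and belongs to the "Read-only Domain Controllers" group (primaryGroupID 521), while writable DCs have primaryGroupID 516.

```python
"""Plan a ClearPass "Password Servers" allow-list that excludes RODCs.

Added example for the Airheads thread; not Aruba's code. The DC data is
constructed; in practice you would fill DomainController records from an
LDAP query of CN=Domain Controllers (or from 'show domain' output).
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000   # userAccountControl bit set on RODCs
RID_DOMAIN_CONTROLLERS = 516              # primaryGroupID of writable DCs
RID_READONLY_DOMAIN_CONTROLLERS = 521     # primaryGroupID of RODCs


@dataclass(frozen=True)
class DomainController:
    name: str
    ip: str
    site: str                 # AD site the DC belongs to
    user_account_control: int
    primary_group_id: int


def is_rodc(dc: DomainController) -> bool:
    """True if either documented RODC marker is present on the account."""
    return bool(dc.user_account_control & UF_PARTIAL_SECRETS_ACCOUNT) or (
        dc.primary_group_id == RID_READONLY_DOMAIN_CONTROLLERS
    )


def plan_password_servers(
    discovered: Iterable[DomainController],
    allowed_ips: List[str],
    local_site: str,
) -> Tuple[List[str], List[str]]:
    """Return (ips_to_configure, warnings).

    ips_to_configure keeps the order of allowed_ips (the order the servers
    are tried) but drops anything unknown, read-only, or outside local_site.
    warnings explains every entry that was dropped and notes RODCs that are
    reachable but not allow-listed, since without an allow-list a node may
    fall back to them.
    """
    by_ip = {dc.ip: dc for dc in discovered}
    chosen: List[str] = []
    warnings: List[str] = []
    for ip in allowed_ips:
        dc = by_ip.get(ip)
        if dc is None:
            warnings.append(f"{ip}: not a known domain controller, dropped")
        elif is_rodc(dc):
            warnings.append(f"{ip} ({dc.name}): read-only DC, dropped")
        elif dc.site != local_site:
            warnings.append(f"{ip} ({dc.name}): in site {dc.site}, not {local_site}, dropped")
        else:
            chosen.append(ip)
    for dc in by_ip.values():
        if is_rodc(dc) and dc.ip not in allowed_ips:
            warnings.append(f"{dc.ip} ({dc.name}): reachable RODC, keep it off the list")
    if not chosen:
        warnings.append("no usable password servers: MSCHAPv2 authentication would fail")
    return chosen, warnings


# Constructed sample: two writable DCs at HQ and one RODC at a branch site.
# 0x82000 = SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION (typical writable DC);
# 0x5011000 includes PARTIAL_SECRETS_ACCOUNT (typical RODC).
SAMPLE_DCS = [
    DomainController("DC1", "10.0.0.10", "HQ", 0x82000, RID_DOMAIN_CONTROLLERS),
    DomainController("DC2", "10.0.0.11", "HQ", 0x82000, RID_DOMAIN_CONTROLLERS),
    DomainController("RODC1", "10.9.0.10", "Branch", 0x5011000, RID_READONLY_DOMAIN_CONTROLLERS),
]


def main() -> None:
    wanted = ["10.0.0.10", "10.9.0.10", "10.0.0.11", "10.0.0.99"]
    ips, warnings = plan_password_servers(SAMPLE_DCS, wanted, "HQ")
    print("Password Servers to configure:", ", ".join(ips))
    for w in warnings:
        print("warning:", w)


if __name__ == "__main__":
    main()
```

The check is deliberately conservative: an entry that is unknown, read-only, or in another site is dropped with a reason rather than silently kept, and an empty result is reported as a failure, since an allow-list with no usable writable DC reproduces the outage Tony describes instead of fixing it.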
