Frequent Contributor II

Read Only Domain Controller causing user authentication problems

Hi:

We're running MSCHAP authentication for users to an AD domain.

A few weeks ago we put a read only domain controller online at another site (online 24/7 via VPN tunnel).

All was fine until today when Clearpass decided to start using the RODC to authenticate users. All user authentication failed.

When I typed 'show domain' from the console, it listed the RODC as the 'Domain Server Ip Address'.

Once I shut down the tunnel to the RODC, clearpass went back to using local servers. 

How do I force Clearpass to use local servers for user auth?

Configuration » Authentication » Sources lists only the local servers for primary and backups.

Administration » Server Manager » Server Configuration lists only the local servers under the AD Domains section.

What else do I need to do to force local server auth?

 

Thanks,

Tony

Guru Elite

Re: Read Only Domain Controller causing user authentication problems

Tony1234,

 

I don't know if there is a problem with read-only domain controllers or not.  To restrict the domain controllers to only the ones you want to contact, you can do this:

 

Go to Administration > Server Manager > Server Configuration > Click on Server > and click on a little tiny icon called "Password Servers" at the bottom.  You can then add the IP addresses that you want mschapv2 restricted to for authentication.

[Screenshot: passwordservers.png]

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*