Security

Reply
Occasional Contributor I

Windows AD as Generic LDAP

When I use clearpass as a Radius server, and Windows AD / LDAP as an authentication source,then I encounter authentication issues.(no difference between using server 2008 and server 2003) I have attached some screenshots of the Clearpass.

 

错误代码: 216

错误类别: Authentication failure

错误消息: User authentication failed

此请求的警报 RADIUS  MSCHAP: Authentication failed

 

2014-03-31 18:00:45,219 [RequestHandler-1-0x7f3274762700 r=psauto-1396229786-275 h=79 r=R00000000-01-53393ccd] INFO Core.ServiceReqHandler - Service classification result = sylar-dot1x

2014-03-31 18:00:45,226 [Th 1 Req 0 SessId R00000000-01-53393ccd] WARN RadiusServer.Radius - win2008-ldap - 172.16.30.185: Password Attribute "userPassword" not available.

2014-03-31 18:00:45,227 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.

2014-03-31 18:00:45,227 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.

2014-03-31 18:00:45,228 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

 

Any help is much appreciated!

Keep learning
Guru Elite

Re: Windows AD as Generic LDAP

It's hard to tell from the screenshots; are you using an Active Directory authentication source or Generic LDAP?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Windows AD as Generic LDAP

Yes, of course I use AD/LDAP as an authentication source!

Keep learning
Guru Elite

Re: Windows AD as Generic LDAP

Which one are you using though? There is an Active Directory source and a Generic LDAP source. You should be using the Active Directory source.

 

auth-srouces-ad.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Windows AD as Generic LDAP

If I choose Active Dictionary, it works fine. But  I want to use Generic LDAP? Can that work?

Keep learning
Guru Elite

Re: Windows AD as Generic LDAP

May I ask why? 

 

MS-CHAPv2 will only work with the Active Directory preset.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Windows AD as Generic LDAP

I'm doing test. Does that mean I can use Active Dictionary as LDAP Server with PAP authentcation protocol?

Keep learning
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: