You can only do EAP-TLS auth with your setup.
Note that legacy protocols such as EAP-PEAP are no longer supported when moving from on-prem to cloud identity providers.
If you need to do EAP-PEAP auth, then you'll need NPS integration to Azure AD that can then be used as a RADIUS server by ClearPass.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------
Original Message:
Sent: Dec 21, 2021 09:14 AM
From: Ahmad Enaya
Subject: Joining ClearPass to Azure AD Domain Services
I am trying to build an all-cloud ClearPass - Azure ADDS setup. I can see that CentOS can join Azure ADDS as per Microsoft documentation
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-centos-linux-vm
I have Azure ADDS setup and ClearPass in Azure Cloud. I can do LDAP/LDAPS from ClearPass to AADDS with no issues and I can join Windows devices to AADDS. I am trying to join ClearPass to AADDS to try EAP-PEAP, but I am receiving the following error (I replaced domain name with xxxxx)
Adding host to AD domain...
INFO - Fetched REALM 'xxxxx.COM' from domain FQDN
'xxxxx.com'
INFO - Fetched the NETBIOS name 'xxxxx'
INFO - Creating domain directories for 'xxxxx'
Enter admin@xxxxx.COM's password:
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for
ldap/sabbarinacademy.com with user[admin] realm[xxxxx.COM]: Unexpected information received
Failed to join domain: failed to connect to AD: Unexpected
information received
INFO - Restoring smb configuration
INFO - Deleting domain directories for 'xxxxx'
ERROR - cppm failed to join the domain xxxxx.COM with
domain controller as xxxxx.com
Join domain failed
Anyone tried this before? Should this work? Is it supported by Aruba?
------------------------------
Ahmad Enaya
------------------------------