Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass with AD authentication failed

  • 1.  Clearpass with AD authentication failed

    Posted Dec 15, 2020 04:37 AM
    Hi, I have joined the AD domain on ClearPass and added it as an authentication source, but when I connect to the SSID, the authentication fails. I tried to test it using the ClearPass CLI and it said SUCCESS, as shown here:
    I also have unchecked the Bind user:

    This is what it said on Access Tracker:
    I saw this thread:
    Airheads Community
    It said that I need to open several ports, but the ClearPass and AD are in the same segment, and don't go through a firewall.

    Any idea for this? Thank you.


  • 2.  RE: Clearpass with AD authentication failed

    Posted Dec 15, 2020 09:33 AM
    Be advised that using PEAP-MS-CHAPv2 is deprecated because the underlying encryption is cracked and your credentials can leak out. EAP-TLS should be deployed instead whenever possible.

    Could it be that you have a cluster and just joined one of the nodes to your AD? You should join all of your ClearPass servers.

    Is your ClearPass server configured with the AD server(s) as DNS server?

    Are the clocks (time) synchronized between ClearPass and your AD?

    Is your AD server not overloaded?

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

  • 3.  RE: Clearpass with AD authentication failed

    Posted Dec 15, 2020 10:05 AM
    - I only have 1 ClearPass server
    - I don't believe I have configured the AD to be the DNS at the ClearPass server
    - I will check on the time again
    - Pretty sure it's not overloaded


  • 4.  RE: Clearpass with AD authentication failed

    Posted Dec 20, 2020 04:59 PM

    Hi, I saw this winbind error before, on one of my deployments.

    Please try dropping the CPPM server from the domain and rejoining again.