I have this issue that it´s happen in two different clients those have windows server 2012, I already did the process in this foro (http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-management-user-authentication-against-AD-fails-No-trusted/ta-p/185422) this process is the recommend by the Aruba’s TAC, when I did this process the issue is fix by for a short time, after this short time the issue appears again, my Clearpass’s version is 6.5.2.
Do you have any recommendation to fix this issue, thanks.
If you haven't already, you should contact TAC and let them know that the problem still exists...
This message indicates that there is something wrong with the domain join of your ClearPass.
I have seen windows administrators delete the computer account the ClearPass created (and requires to do MSCHAP authentication), so double check with your AD admins.
You can check as well:
- That ClearPass is configured to use the Active Directory DNS servers; that is needed to find the right domain controllers.
- That time is set correct on both ClearPass and the domain controllers; use the domain controllers as NTP server to make sure they run the same time source.
- That there are no firewall in between ClearPass and your domain controllers that might block the authentication traffic.
- You can check from the appadmin (console) account the AD and kerberos servers:
[firstname.lastname@example.org]# ad auth -u herman -n nl
INFO - NT_STATUS_OK: Success (0x0)
[email@example.com]# krb auth firstname.lastname@example.org
Using default cache: /tmp/krb5cc_0
Using principal: herman@NL.ARUBALAB.COM
Password for herman@NL.ARUBALAB.COM:
Authenticated to Kerberos v5
And work with TAC if these do not fix your issue...
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.