What is your authentication method?
The LDAP/Global Catalog is just for authorization information, and if you want to do PEAP-MSCHAPv2 (DEPRECATED!!!!!) you would need to join the individual domains.
If you can share the output of Access Tracker for one working and one non-working user, most specific the Alerts tab, that may provide an indication of what's going on.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 04, 2024 10:45 AM
From: Hatzo
Subject: CP with AD auth to multi forest trust
Hi all,
I'm not sure if what I'm trying to do is a valid design and need some assistance. We are building a secure environment and have a dedicated clear pass server that talks to this new secure.local domain. the domain/forest has a trust with user.local forest and we would like to have a group in secure.local with individual users from user.local. so far so good.
we can authenticate with a user that is part of secure.local but not with any users that are from user.local in the same group.
I'm doing a GC query on port 3268 and can browse AD will this work?