  • 1.  mschap error 691 on zentyal AD

    Posted Sep 14, 2018 12:06 PM

    Hi, I'm observing strange behaviour on ClearPass 6.7:

    I have AD on Zentyal and CPPM has joined the domain; LDAP search is working fine, and AD auth from the CPPM CLI works fine.

    [appadmin@cppm1]# ad auth -u jk -n labs
    Password:
    NT_STATUS_OK: Success (0x0)

    But when I try to authenticate from a Windows 10 or Android device, I'm rejected with this message:

    Radius:Microsoft:MS-CHAP-ErrorOE=691 R=1


  • 2.  RE: mschap error 691 on zentyal AD

    Posted Nov 05, 2018 09:40 AM

    I'm not familiar with Zentyal AD. I found this reference to the same error, which suggests that it has to do with NTLMv1 being disabled (on different products though). Please be advised that you should avoid PEAP-MSCHAPv2 whenever possible; the only exceptions are when you have 100% control over your client to lock down the configuration, or if you don't mind that the user's password leaks out.
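
Added example, not part of the thread or of any vendor's code: a small parser for the MS-CHAP-Error string quoted in the first post, using the failure-packet layout and error codes from RFC 2759. The function name and the second sample value are constructed for illustration.

```python
import re

# Failure codes defined in RFC 2759 (MS-CHAPv2 Failure packet).
RFC2759_CODES = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

_FIELD = re.compile(r"\b([ERCV])=(\S+)")

# Value exactly as it appears in the first post.
FROM_POST = "Radius:Microsoft:MS-CHAP-ErrorOE=691 R=1"
# Constructed sample with every RFC 2759 field present.
CONSTRUCTED = ("\x01E=691 R=1 C=00112233445566778899AABBCCDDEEFF "
               "V=3 M=Authentication failed")


def parse_mschap_error(value):
    """Parse 'E=... R=... C=... V=... M=...' into a dict.

    Anything before 'E=' (the RADIUS ident octet, or whatever a log
    viewer printed in its place) is skipped. C, V and M are optional
    because log lines often show only the first fields.
    """
    start = value.find("E=")
    if start < 0:
        raise ValueError("no E= field in MS-CHAP-Error value")
    # M= is free text running to the end, so split it off first.
    body, sep, message = value[start:].partition(" M=")
    fields = dict(_FIELD.findall(body))
    if not fields.get("E", "").isdigit():
        raise ValueError("E= field is not a decimal error code")
    code = int(fields["E"])
    return {
        "code": code,
        "name": RFC2759_CODES.get(code, "UNKNOWN"),
        "retry_allowed": fields.get("R") == "1",
        "challenge": fields.get("C"),
        "version": int(fields["V"]) if "V" in fields else None,
        "message": message if sep else None,
    }
```

E=691 is the generic authentication-failure code, so the string alone does not distinguish a wrong password from the directory refusing to validate the MSCHAPv2 response.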