Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1x Authentication Issues

  • 1.  802.1x Authentication Issues

    Posted Jul 01, 2019 01:12 PM

    I have successfully, I thought, integrated a Cisco 5508 WLC with CPPM.  When I attempt to join the SSID I'm unable to do so and the only info I get is obtained from the Access Tracker which says Error Code 216 Authentication Failure-User authentication failed.

     

    CPPM is definitely joined to the AD domain and it looks like the username I attempt to join the SSID with (which is in the AD tree) works but not the password. Any thoughts appreciated. Thanks.

     

    RADIUS MSCHAP: Authentication failed
    EAP-MSCHAPv2: User authentication failure

    2019-07-01 10:57:58,261 [Th 42 Req 64 SessId R00000008-01-5d1a2d85] WARN RadiusServer.Radius - AD - chidc.us.drwholdings.com: Password Attribute "userPassword" not available.
    2019-07-01 10:57:58,327 [Th 42 Req 70 SessId R00000008-01-5d1a2d85] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
    2019-07-01 10:57:58,327 [Th 42 Req 70 SessId R00000008-01-5d1a2d85] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect



  • 2.  RE: 802.1x Authentication Issues

    Posted Jul 01, 2019 01:43 PM

    Have you checked the following post regarding Cisco WLC and 802.1X? It may help you identify what you might be missing or have misconfigured.

     

    https://community.arubanetworks.com/t5/Education-Australia-New-Zealand/Aruba-ClearPass-with-Cisco-WLC-802-1X-Role-Based-Access/gpm-p/455879

     

    I hope this helps,

     



  • 3.  RE: 802.1x Authentication Issues

    EMPLOYEE
    Posted Jul 02, 2019 03:26 AM

    From what you shared, it appears that ClearPass does not have access to the password. Can you share what is in the Alerts tab of access tracker? It has information on which authentication sources are tried and what the result was.

     

    Did you try a successful authentication test under Policy Simulation?

    Does a test of domain join return success?

     

    Probably getting someone from your partner, or the Aruba TAC on an interactive troubleshooting session is the most reliable way to get an issue like this resolved. The root cause is probably clear as soon as someone has a full vision on the system rather than some snapshots from logs only.
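
Added example (not part of any post in this thread, and not Aruba or ClearPass code): a small Python triage script that groups log lines in the format quoted in the first post by SessId and separates "the server had no password hash to check against" from "the hash was available but the response did not verify". The cause labels and the `R-constructed-02` session are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Layout of the log lines quoted in the first post.
LINE = re.compile(
    r'^\S+ \S+ \[Th \d+ Req \d+ SessId (?P<sess>\S+)\] '
    r'(?P<level>\w+) \S+ - (?P<msg>.*)$')
# Warning that names the auth source which returned no password attribute.
NO_ATTR = re.compile(r'^(?P<src>.+?): Password Attribute "[^"]+" not available')

# The first three lines are from the thread; the R-constructed-02 line is a
# constructed sample of a session where only the response check fails.
SAMPLE = '''\
2019-07-01 10:57:58,261 [Th 42 Req 64 SessId R00000008-01-5d1a2d85] WARN RadiusServer.Radius - AD - chidc.us.drwholdings.com: Password Attribute "userPassword" not available.
2019-07-01 10:57:58,327 [Th 42 Req 70 SessId R00000008-01-5d1a2d85] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
2019-07-01 10:57:58,327 [Th 42 Req 70 SessId R00000008-01-5d1a2d85] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
2019-07-01 11:02:10,100 [Th 7 Req 91 SessId R-constructed-02] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
'''

def group_by_session(text):
    """Map SessId -> list of message bodies, skipping lines that do not parse."""
    sessions = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sessions[m['sess']].append(m['msg'])
    return sessions

def classify(msgs):
    """Return (cause, auth sources that supplied no password attribute)."""
    sources = [m['src'] for m in map(NO_ATTR.match, msgs) if m]
    if any('No NT/LM-Password' in x for x in msgs):
        # Nothing to verify against: look at the auth source / domain join,
        # not at the password the user typed.
        cause = 'no-password-hash'
    elif any('MS-CHAP2-Response is incorrect' in x for x in msgs):
        # Assumed reading: a hash was available and the response did not match.
        cause = 'response-mismatch'
    else:
        cause = 'other'
    return cause, sources

def triage(text):
    return {s: classify(m) for s, m in group_by_session(text).items()}

if __name__ == '__main__':
    for sess, (cause, sources) in triage(SAMPLE).items():
        print(sess, cause, sources)
```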