CPPM Fails some user auths due to not finding socket for the domain

  • 1.  CPPM Fails some user auths due to not finding socket for the domain

    Posted Feb 04, 2015 07:23 AM

    One of my CPPM boxes, the subscriber in a two-server cluster, is failing a large number of authentications. The error in the log will look like the following.

     

    2015-02-04 07:14:05,247[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "OCDSB Wireless Access Service" - 42:0:D022BEDBFE8A
    2015-02-04 07:14:05,247[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_eap_mschapv2: Received MSCHAPv2 Response from client
    2015-02-04 07:14:05,247[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] ERROR RadiusServer.Radius - Did not find socket directory for domain STAFF. Returning /var/avenda/tips/samba/samba_AD/winbindd_privileged
    2015-02-04 07:14:05,247[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_mschap: authenticating user C20120, domain STAFF
    2015-02-04 07:14:05,250[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_mschap: user C20120 authentication failed
    2015-02-04 07:14:05,250[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] ERROR RadiusServer.Radius - rlm_mschap: AD status:Logon failure (0xc000006d)
    2015-02-04 07:14:05,250[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] ERROR RadiusServer.Radius - Did not find socket directory for domain STAFF. Returning /var/avenda/tips/samba/samba_AD/winbindd_privileged
    2015-02-04 07:14:05,250[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_mschap: authenticating user C20120, domain STAFF
    2015-02-04 07:14:05,254[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] INFO RadiusServer.Radius - rlm_mschap: user C20120 authentication failed
    2015-02-04 07:14:05,254[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] ERROR RadiusServer.Radius - rlm_mschap: AD status:Logon failure (0xc000006d)
    2015-02-04 07:14:05,254[Th 311825 Req 127435050 SessId R0110286c-06-54d20d0c] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

     

    The odd thing is that not all auths fail and those that do will eventually manage a successful authentication. The CPPMs have been joined to our active directory and are set to use any domain controller that replies to the request.

     

    Anyone else had a problem like this?
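
One way to quantify the pattern in the log excerpt above (an added example, not part of the original thread and not ClearPass tooling): group the RADIUS log lines by request id and count, per domain, how many requests hit the "Did not find socket directory" fallback and how many of those also logged an authentication failure. The sample lines are constructed in the format shown in the post; `triage` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Line layout and message texts copied from the log excerpt in the post above.
LINE = re.compile(r"^\s*\S+ \S+\[Th \d+ Req (?P<req>\d+) SessId \S+\] \w+ \S+ - (?P<msg>.*)$")
NO_SOCKET = re.compile(r"Did not find socket directory for domain (\S+)\. Returning")
AD_STATUS = re.compile(r"rlm_mschap: AD status:.+? \((0x[0-9a-fA-F]+)\)")
AUTH_FAIL = re.compile(r"rlm_mschap: user (\S+) authentication failed")

# Constructed sample: thread ids, request ids, session ids and user names are made up.
SAMPLE = """\
2015-02-04 07:14:05,247[Th 1 Req 1001 SessId R-constructed-1] ERROR RadiusServer.Radius - Did not find socket directory for domain STAFF. Returning /var/avenda/tips/samba/samba_AD/winbindd_privileged
2015-02-04 07:14:05,247[Th 1 Req 1001 SessId R-constructed-1] INFO RadiusServer.Radius - rlm_mschap: authenticating user userA, domain STAFF
2015-02-04 07:14:05,250[Th 1 Req 1001 SessId R-constructed-1] INFO RadiusServer.Radius - rlm_mschap: user userA authentication failed
2015-02-04 07:14:05,250[Th 1 Req 1001 SessId R-constructed-1] ERROR RadiusServer.Radius - rlm_mschap: AD status:Logon failure (0xc000006d)
2015-02-04 07:14:06,100[Th 2 Req 1002 SessId R-constructed-2] INFO RadiusServer.Radius - rlm_mschap: authenticating user userB, domain STAFF
2015-02-04 07:14:07,300[Th 3 Req 1003 SessId R-constructed-3] ERROR RadiusServer.Radius - Did not find socket directory for domain STAFF. Returning /var/avenda/tips/samba/samba_AD/winbindd_privileged
2015-02-04 07:14:07,300[Th 3 Req 1003 SessId R-constructed-3] INFO RadiusServer.Radius - rlm_mschap: authenticating user userC, domain STAFF
"""

def triage(lines):
    """Group lines by request id; record socket fallbacks, AD status codes, failures."""
    reqs = defaultdict(lambda: {"domains": set(), "ad_status": set(), "failed_user": None})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a RADIUS log line in the expected layout
        r, msg = reqs[m["req"]], m["msg"]
        if (s := NO_SOCKET.search(msg)):
            r["domains"].add(s.group(1))
        if (s := AD_STATUS.search(msg)):
            r["ad_status"].add(s.group(1))
        if (s := AUTH_FAIL.search(msg)):
            r["failed_user"] = s.group(1)
    return dict(reqs)

def summarize(reqs):
    """Per domain: requests that hit the fallback, and how many of those failed."""
    out = defaultdict(lambda: {"fallback": 0, "fallback_failed": 0})
    for r in reqs.values():
        for d in r["domains"]:
            out[d]["fallback"] += 1
            out[d]["fallback_failed"] += int(r["failed_user"] is not None)
    return dict(out)

if __name__ == "__main__":
    print(summarize(triage(SAMPLE.splitlines())))
```

Running the same summary separately over the publisher's and the subscriber's logs shows whether the fallback is confined to one node and whether it tracks the failures or also appears on requests that log no failure.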



  • 2.  RE: CPPM Fails some user auths due to not finding socket for the domain

    Posted Feb 04, 2015 10:21 AM

    For the domain server you added CPPM to, can you query the rest of the servers through DNS?

     

    Is there a trust relationship between domains?



  • 3.  RE: CPPM Fails some user auths due to not finding socket for the domain

    EMPLOYEE
    Posted Feb 05, 2015 01:22 AM
    What version of CPPM are you using? There was a bug in an older version that might cause that issue.


  • 4.  RE: CPPM Fails some user auths due to not finding socket for the domain

    Posted Feb 05, 2015 07:23 AM

    Thanks tarnold,

     

    My CPPM appliances are both running on 6.4.3.6 code. 

     

    Cheers



  • 5.  RE: CPPM Fails some user auths due to not finding socket for the domain

    Posted Apr 09, 2015 11:12 AM

    Hello,

     

    We're using Clearpass 6.4.5.71640 and have the same issue.

    The Clearpass appliances are joined to the root of Active Directory domains with approbation relationships between them.

    The LDAP search is working very well into each domain after binding with a single service account, using the approbation relationships, but then authentication of the computer object fails with a "not finding socket for the domain" error.

    If we do a packet capture we can see that the Clearpass appliances never tried to connect to anything.

    Do you have any idea about what causes this issue?

     

    Kind regards,



  • 6.  RE: CPPM Fails some user auths due to not finding socket for the domain

    Posted Feb 05, 2015 07:21 AM

    Thanks for your response Victor,

    I am able to query all of our domain controllers through DNS and there is a trust between the domains.

     

    The weird thing is the problem is intermittent and only seems to happen on my subscriber.

     

    Cheers