ClearPass uses Samba internally which is affected by security advisory CVE-2016-2118 (aka "Badlock").
According to RedHat:
"An Active Directory infrastructure with a Samba server as a domain member is vulnerable to this flaw, as a man-in-the-middle attacker could intercept traffic between the domain member and the domain controller to impersonate the client and get the same privileges as the authenticated user account."
We need guidance from Aruba on what steps they are taking to resolve this within the ClearPass product and how long the wait will be.
Thanks.