Offlate we are having issues with users authenitcating agains Windows AD through clearpass. Clearpass logs reads error 9002, Reading winbind reply failed and there were few logs with NT_STATUS_IO_TIMEOUT.
Once we delete and add the clearpass back to domain, things starts to work. While adding back to domain i have to manually point it to a specific domain controller as adding just with domain returned the following error.
'XX.LOCAL.COM'
INFO - Fetched the NETBIOS name 'XX.LOCAL.COM'
INFO - Creating domain directories for 'LOCAL.COM'
Enter clearpassuser's password:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS
failure. Minor code may provide more information : Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Unspecified GSS
failure. Minor code may provide more information : Server not found in Kerberos database
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
INFO - Deleting domain directories for 'LOCAL'
ERROR - lxmaclearpass01 failed to join the domain
XX.LOCAL.COM with domain controller as xx.local.com
Join domain failed
This was happening for the second time in the week. We made two changes, 1. hostname which was changed 25 days ago and 2. Installed and later removed the installed server certficate which we changed ~3 days before this issue first occured.
Any suggestions would be greatly appreciated.
Thanks,
Sundar