Read Only Domain Controller causing user authentication problems
10-07-2015 10:16 AM
We're running MSCHAP authentication for users to an AD domain.
A few weeks ago we put a read only domain controller online at another site (online 24/7 via VPN tunnel).
All was fine until today when Clearpass decided to start using the RODC to authenticate users. All user authentication failed.
When I typed 'show domain' from the console, it listed the RODC as the 'Domain Server Ip Address'.
Once I shut down the tunnel to the RODC, clearpass went back to using local servers.
How to I force Clearpass to use local servers for user auth?
Configuration » Authentication » Sources lists only the local servers for primary and backups.
Administration » Server Manager » Server Configuration lists only the local severs under the AD Domains section.
What else do I need to do to force local server auth?
Re: Read Only Domain Controller causing user authentication problems
10-07-2015 02:00 PM
I don't know if there is a problem with read-only domain controllers or not. To restrict the domain controllers to only the ones you want to contact, you can do this:
Go to Administration > Server Manager > Server Configuration > Click on Server > and click on a little tiny icon called "Password Servers" at the bottom. You can then add the ip addresses tht you want mschapv2 restricted to for authentication.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars